This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Projects/OWASP NAXSI Project"
From OWASP
Line 5: | Line 5: | ||
| project_home_page = OWASP NAXSI Project | | project_home_page = OWASP NAXSI Project | ||
− | | project_description = Naxsi is | + | | project_description = *Naxsi is an open source, high performance, low rules maintenance, Web Application Firewall module for Nginx, the infamous web server and reverse-proxy. |
+ | |||
+ | *Its goal is to help people securing their web applications against attacks like SQL Injections, Cross Site Scripting, Cross Site Request Forgery, Local & Remote file inclusions. | ||
+ | |||
+ | *The difference with most WAF (Web Application Firewalls) out there is that it does not rely upon signatures to detect and block attacks. It uses a simpler model where, instead of trying to detect "known" attacks, it detects unexpected characters in the HTTP requests/arguments. | ||
+ | |||
+ | *Each kind of unusual character will increase the score of the request. If the request reaches a score considered "too high", the request will be denied, and the user will be redirected to a "forbidden" page. Yes, it works somewhat like a spam system. | ||
+ | |||
| project_license = [http://www.gnu.org/licenses/gpl-2.0.html GPL 2.0] | | project_license = [http://www.gnu.org/licenses/gpl-2.0.html GPL 2.0] |
Revision as of 15:00, 6 September 2011
PROJECT INFO What does this OWASP project offer you? |
RELEASE(S) INFO What releases are available for this project? | |||||||||||||||||||||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|