Connect with us

Hi, what are you looking for?

Hard News Hard Hitting News Source Global Political News

Cyber Security

Meet teler-waf: Security-focused HTTP middleware for the Go framework

A developer has released a new tool for Go applications that is designed to combat web-based attacks.

Developer and security engineer Dwi Siswanto revealed the open source teler-waf software on January 2. The 24-year-old said on Twitter that the technology was designed to “improve the security of Go-based web applications”.

Available on GitHub, teler-waf acts as HTTP middleware, with an interface for integrating intrusion detection system (IDS) functionality into existing applications.

Teler-waf’s security functions include protection against common web-based threats, such as cross-site scripting (XSS) attacks and SQL injections.

Furthermore, the tool will detect bad IP addresses linked to known threat actors and botnets; malicious HTTP referers, crawlers, and scrapers suspected of causing performance issues or performing illicit data scraping; and locations associated with directory-based brute-force attacks.

Under the bonnet

Speaking to The Daily Swig, Dwi, who developed teler-waf independently, said the software has several benefits.

A key feature, for example, is the use of datasets updated daily that track known vulnerabilities and malicious patterns of attack. External resources include information from the PHPIDS project, CVE lists from the Project Discovery team, and collections sourced from the Nginx Ultimate Bad Bot Blocker and Crawler Detect.

In addition, teler-waf comes with a net/http handler for integration with application routing functionality, which Dwi said “makes it easy to integrate into any framework and [is] also highly configurable, allowing it to be tailored to the specific needs of a given web application.

“When a client makes a request to a route protected by teler-waf, the request is first checked against the teler IDS to detect known malicious patterns,“ the developer says. “If no malicious patterns are detected, the request is then passed through for further processing.”

Show and teler

Dwi is also the creator of teler, a real-time HTTP intrusion detection and threat alert system.

He told us that the popularity of the Go framework persuaded him to adapt teler IDS to resemble a past project, AntiScanScanClub, an automatic website scan blocker package.

“My goal was to use teler IDS functionality not only for detection, but also for early prevention,” he explains. “I could say that teler-waf is a progress from the AntiScanScanClub.”

At this time, there is no formal development timeline, although there are hopes for future contributors to join and some milestones are “still being determined”.

Teler-waf’s inaugural and current release, v0.0.1, is labeled as experimental.

Dwi said: “It [is] experimental because there are currently some TODO lists I [have] to revisit that need to be addressed, which might be major changes that could affect both configuration and performance. I hope that teler-waf will become stable and ready for use in production in the near future.”

Advertisement. Scroll to continue reading.

As Go continues to increase in popularity, other developers have also released tools to protect applications built using the language. In December, for instance, Viktor Chuchurski and Alessandro Cotto released Safeurl, software designed to thwart server-side request forgery (SSRF) attacks.

Copyright 2021 Associated Press. All rights reserved.

Source: https://portswigger.net/daily-swig/meet-teler-waf-security-focused-http-middleware-for-the-go-framework

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has given federal agencies three weeks to secure Adobe ColdFusion servers on their networks against two...

Cyber Security

Businesses and developers are focusing more on the security of applications in their digital environment as cyber threats and data breaches continue escalating. The...

Cyber Security

HCL BigFix is an endpoint management platform that has the capability to automate discovery, management, and remediation. It can find and fix vulnerabilities on...

Cyber Security

The Environmental Protection Agency cited a lack of resources and the sheer volume of critical vulnerabilities as the reasons for its inability to patch...

Copyright © 2023 Hard News Herd Hitting in Your Face News Source | World News | Breaking News | US News | Political News Website by Top Search SEO