ModProfiler

Web application security is a big problem, yet there is never enough time to dedicate to solving the issue or, at least, to making it smaller. To help with this, we embarked on a project that would enable you to tighten the security of your web applications with little effort. The project, called ModProfiler, aims to provide best-possible protection for web applications by analysing web application traffic passing by.

The premise is simple: ModProfiler works by observing what's valid and what's not, resulting with a tight application shield designed around the positive security model concept. The process of shield construction is not as simple, but the complexity is hidden away.

ModProfiler is currently under development. You can find the most recent public release below. While you are encouraged to use it to create models of your web sites, you should be aware that there's still some way to go until ModProfiler implements all the features described in the whitepaper (see below) and becomes production ready.

To share your experiences with us, please join us on the ModProfiler mailing list.
You can follow our progress and report problems using our issue tracking application.

Downloads:

Whitepaper: Enough with Default Allow in Web Applications!
(Also read Ivan's blog posts on the topic, here and here.)
ModProfiler (whitepaper included): ModProfiler-0.2.0.tar.gz