Scalp: Log Analyzer Finds Web Attacks

Sep 17, 2008

Romain Gaucher, a specialist in web security, offers his Scalp tool in version 0.4. The log analyzer searches for attacks on Apache web applications.

Scalp’s Python script uses regular expressions of the PHP Intrusion Detection System (PHPIDS) project that monitors attacks on PHP applications. Methods used include cross-site scripting (XSS), cross-site request forgery (CSRF) and SQL injection. Because the Apache web server in its standard form does not employ POST request variables, it can detect only GET request attacks.

The tool outputs its results as a report in text, XML or HTML format (here an example).

Scalp can sort its search results by type of attack, as a formatted HTML page.

In its standard form, the script can handle Apache logs of more than 100 megabytes without a problem, according to Gaucher. Limiting the analysis to a timeframe and a particular type of attack can further reduce the search time for large data sets. The program also allows spot checks in large log files.

The tool consists of a single Python script. Users will also need to download a default filter file. Both are available on the project home page.

Romain Gaucher is currently working on a C++ version of his program.

Related content

  • Honeynet

    Security-conscious admins can use a honeynet to monitor, log, and analyze intrusion techniques.

  • BackTrack

    The BackTrack live distribution lets you act like an intruder to test your network’s security.

  • Intrusion 101

    You need to think like an attacker to keep your network safe. We asked security columnist Kurt Seifried for an inside look at the art of intrusion.

  • Memory Analysis

    In computer forensics, memory analysis is becoming increasingly important as a means for investigating security incidents. In this article, we provide an overview of the various memory dumping options on Linux and introduce the support in Linux for the Volatility Analysis Framework.

  • Splunk Announces SDKs for Java and Python

    New SDKs aim to integrate Splunk with big data applications.

comments powered by Disqus

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia