Hinnerk Altenburg» epublica | Hinnerk Altenburg, Hamburg

Moved from epublica GmbH to XING AG

Hinnerk — Fri, 06 Feb 2009 11:16:17 +0000

As per February, 1st I moved with epublica’s entire XING.com core development team to the XING AG itself, now developing the platform ‘inhouse’ as XING employee.

PerlIDS-Artikel im deutschen Perl-Magazin $foo erschienen

Hinnerk — Tue, 03 Feb 2009 17:27:50 +0000

Mein vierseitiger Artikel zum Perl-CPAN-Modul CGI::IDS ist in der aktuellen Ausgabe 1/2009 des deutschen Perl-Magazins $foo erschienen.
Ich gebe darin einen Überblick über die Funktion und den Einsatz von PerlIDS zur frühzeitigen Erkennung von CrossSite-Scripting, SQL-Injections und ähnlichen Angriffen auf Webapplikationen.

I just published a four pages long article in the German Perl magazine $foo about my Perl CPAN module CGI::IDS, a Website Intrusion Detection System.

OpenSource Perl Website Intrusion Detection System PerlIDS (CGI::IDS) released

Hinnerk — Thu, 06 Nov 2008 12:36:51 +0000

Today, we at epublica have officially released my work of the last months – a Perl port of PHPIDS, a tool for detection of Cross-Site-Scripting (XSS), Cross-Site-Request-Forgery (CSRF), SQL-Injections (SQLI), Local-File-Inclusions (LFI) etc. in website requests.
The tool is released as CGI::IDS Perl module ‘PerlIDS’ on CPAN.org under the OpenSource ‘Lesser GNU Public License’ (LGPL).

The intrusion detection is based on a set of converters that convert the request according to common techniques that are used to hide attacks. These converted strings are checked for attacks by running a filter set of currently 68 regular expressions and a generic attack detector to find obfuscated attacks. For easily keeping the filter set up-to-date, PerlIDS is compatible to the original XML filter set of PHPIDS, which is frequently updated.
Each matching regular expression has it’s own impact value that increases the tested string’s total attack impact.

Using these total impacts, a threshold can be defined by the calling application to log the suspicious requests to database and send out warnings via e-mail or even SMS on high impacts that indicate critical attack activity. These impacts can be summed per IP address, session or user to identify attackers who are testing the website with small impact attacks over a time.

During our development we have made some speed-improvements to PerlIDS and PHPIDS for the use on really large websites. With our experience of running it on websites with much user traffic, we could help to improve the converters and filter mechanism to reduce the rate of false alarms.

For heavily reducing the server load we introduced a whitelist mechanism to tell PerlIDS which request parameters don’t have to be checked with the expensive regular expressions if they match the whitelist rules.

We’d love to receive your feedback on the module!

My New Jobs since May 2008

Hinnerk — Tue, 24 Jun 2008 23:10:16 +0000

Since May, I am employed by epublica GmbH, Hamburg, doing Perl development mainly for the XING Web platform. Have a look at their brand new office in the heart of the city upstairs from XING.

Also I am working as a freelancer for the TYPO3 agency EXINIT GmbH & Co. KG, Hamburg doing TYPO3 extension development in PHP.