A local startup, Ormigo, launched PHP IDS, a PHP-based intrusion detection system. It was written by Mario Heiderich and christ1an (who did the regular expression magic). The outstanding difference from approaches like mod_security is that it is purely PHP-based and can be integrated into your application. It basically takes a user-submitted content array ($_POST, $_GET, $_COOKIE) and applies a certain set of regular expressions to it. When I read about it on Oliver Thylmann's Weblog I was really fascinated by the idea and started playing around with it. I've submitted a number of patches and proposals and started a branch to introduce more convenient result handling, which was merged back into the trunk a few hours ago. There will be a release in the coming weeks and I'm looking forward to helping this project grow up.
Just for the record: after christ1an asked me whom I'm working for, he found a nice XSS on Neu.de, which was fixed on Monday. Thanks again for the hint, christ1an.
The PHP IDS Subversion repository: http://phpids.googlecode.com/svn/trunk/
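To make the approach described above concrete, here is an added sketch of in-application detection: request arrays are flattened and each value is checked against a rule set. It is not PHP IDS code and does not use its API; the rules, impact scores and the function names `flatten` and `scan` are constructed for illustration.

```php
<?php
// Added sketch, not PHP IDS code. Rules and impact scores are constructed for illustration.
const RULES = [
    ['id' => 1, 'impact' => 4, 'pattern' => '/<\s*script\b|javascript\s*:/i'],
    ['id' => 2, 'impact' => 3, 'pattern' => '/\bon(?:error|load|click|mouseover)\s*=/i'],
    ['id' => 3, 'impact' => 5, 'pattern' => '/\bunion\b.{0,40}\bselect\b/is'],
];

// Flatten nested request arrays (a[b][]=x) into "SOURCE.a.b.0" => value.
function flatten(array $data, string $prefix): array
{
    $flat = [];
    foreach ($data as $key => $value) {
        $name = $prefix . '.' . $key;
        if (is_array($value)) {
            $flat += flatten($value, $name);
        } else {
            $flat[$name] = (string) $value;
        }
    }
    return $flat;
}

// Apply every rule to every value; collect the matches and a summed impact.
function scan(array $sources): array
{
    $result = ['impact' => 0, 'events' => []];
    foreach ($sources as $source => $data) {
        foreach (flatten($data, $source) as $name => $value) {
            foreach (RULES as $rule) {
                if (preg_match($rule['pattern'], $value) === 1) {
                    $result['impact'] += $rule['impact'];
                    $result['events'][] = ['field' => $name, 'rule' => $rule['id']];
                }
            }
        }
    }
    return $result;
}

// Constructed sample input standing in for $_GET, $_POST and $_COOKIE.
$result = scan([
    'GET'    => ['q' => 'shoes', 'page' => '2'],
    'POST'   => ['comment' => ['body' => '<img src=x onerror=alert(1)>']],
    'COOKIE' => ['lang' => 'de'],
]);
print_r($result);
```

Because the check runs inside the application, it sees values after PHP has URL-decoded and parsed them into arrays, and the application decides what to do with the result (log, alert or reject).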