Tag Archive for: Middleware

Meet teler-waf: Security-focused HTTP middleware for the Go framework


Protection against XSS, SQLi, and more web attacks for Go-based web applications

The teler-waf tool offers software developers a means to uncover web-based vulnerabilities in Go-based applications

A developer has released a new tool for Go applications that is designed to combat web-based attacks.

Developer and security engineer Dwi Siswanto revealed the open source teler-waf software on January 2. The 24-year-old said on Twitter that the technology was designed to “improve the security of Go-based web applications”.

Available on GitHub, teler-waf acts as HTTP middleware, with an interface for integrating intrusion detection system (IDS) functionality into existing applications.

Teler-waf’s security functions include protection against common web-based threats, such as cross-site scripting (XSS) attacks and SQL injections.

Furthermore, the tool will detect bad IP addresses linked to known threat actors and botnets; malicious HTTP referers, crawlers, and scrapers suspected of causing performance issues or performing illicit data scraping; and locations associated with directory-based brute-force attacks.

Under the bonnet

Speaking to The Daily Swig, Siswanto, who developed teler-waf independently, said the software has several benefits.

A key feature, for example, is the use of datasets updated daily that track known vulnerabilities and malicious patterns of attack. External resources include information from the PHPIDS project, CVE lists from the Project Discovery team, and collections sourced from the Nginx Ultimate Bad Bot Blocker and Crawler Detect.


In addition, teler-waf comes with a net/http handler for integration with application routing functionality, which Siswanto said “makes it easy to integrate into any framework and [is] also highly configurable, allowing it to be tailored to the specific needs of a given web application.”

“When a client makes a request to a route protected by teler-waf, the request is first checked against the teler IDS to detect known malicious patterns,” the developer says. “If no malicious patterns are detected, the request is then passed through for further processing.”

Show and teler

Siswanto is also the creator of teler, a…
