Shadowd – The Shadow Daemon Web Application Firewall

Shadowd (Shadow Daemon) is a collection of tools to detect, record and prevent attacks on web applications. Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability.

Shadowd - The Shadow Daemon Web Application Firewall Server

Shadow Daemon combines blacklisting, whitelisting, and integrity checking to accurately detect malicious requests. The blacklist makes use of sophisticated regular expressions to search for known attack patterns in the user input.

The whitelist, on the other hand, searches for irregularities in the user input based on strict rules that define what the input should look like. The integrity check compares cryptographically secure checksums of the executed scripts against predefined values.

Together they can detect almost any attack on a web application and still have a very low false-positive rate.

Shadow Daemon is able to detect common attacks like:

  • SQL injections
  • XML injections
  • Code injections
  • Command injections
  • Cross-site scripting
  • Local/remote file inclusions
  • Backdoor access
  • And more …

Unlike many other web application firewalls, Shadow Daemon does not completely block malicious requests if possible. Instead, it filters out only the dangerous parts of a request and lets it proceed afterwards. This makes attacks impossible, but does not unnecessarily frustrate visitors in the case of false positives.
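
The following sketch shows how the three checks and the filter-instead-of-block behaviour described above fit together. It is an added example, not Shadow Daemon's own code: the patterns, whitelist rules, sample request, function names, the choice to replace a flagged value with an empty string, and the choice to refuse the request on an integrity mismatch are all assumptions made for illustration.

```python
import hashlib
import re

# Constructed, simplified patterns (assumption; not Shadow Daemon's blacklist).
BLACKLIST = [
    re.compile(r"(?i)\bunion\b.+\bselect\b"),  # SQL injection
    re.compile(r"(?i)<script\b"),              # cross-site scripting
    re.compile(r"\.\./"),                      # file inclusion via traversal
]
# Constructed whitelist: parameter -> (pattern the whole value must match, max length).
WHITELIST = {
    "id": (re.compile(r"[0-9]+"), 10),
    "q": (re.compile(r"[\w .,'-]*"), 64),
    "page": (re.compile(r"[a-z]+"), 16),
}
# Constructed sample request parameters.
SAMPLE = {"id": "42", "q": "1' UNION SELECT password FROM users--",
          "page": "../../etc/passwd"}

def is_threat(name, value):
    """Return why a parameter is dangerous, or None if it passes both lists."""
    if any(p.search(value) for p in BLACKLIST):
        return "blacklist"
    rule = WHITELIST.get(name)
    if rule is None:
        return "whitelist: no rule"  # strict mode: unknown parameters are irregular
    pattern, max_len = rule
    if len(value) > max_len or not pattern.fullmatch(value):
        return "whitelist"
    return None

def script_is_intact(script_bytes, expected_sha256):
    """Integrity check: SHA-256 of the executed script against a predefined value."""
    return hashlib.sha256(script_bytes).hexdigest() == expected_sha256

def filter_request(params, script_bytes, expected_sha256):
    """Blank out dangerous parameters; refuse only if the script itself changed."""
    if not script_is_intact(script_bytes, expected_sha256):
        return None, {"script": "integrity"}
    cleaned, threats = {}, {}
    for name, value in params.items():
        reason = is_threat(name, value)
        if reason:
            threats[name] = reason
        cleaned[name] = "" if reason else value  # keep the request, drop the value
    return cleaned, threats
```

Calling `filter_request(SAMPLE, script, digest)` with a matching digest lets the request through with `id` intact and the two flagged parameters emptied, which is the behaviour that keeps a false positive from blocking a visitor outright.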

You can read more and download the tool over here: https://github.com/zecure/shadowd
