- •Product Overview
- •System Specifications
- •Installation
- •Adding a User Name and Password for CodeSeeker
- •Installing ISAPI Filter into IIS 5 for Windows 2000
- •CodeSeeker Management Console Overview
- •Policy Information
- •Customizing Security Policies
- •Reports
- •Analyzing and Customizing CodeSeeker
- •Servers
- •Dot Detector
- •Hidden file detector
- •HT Configuration File Detector
- •Common Command Detectors
- •Cmd.com Script Detector
- •Null Byte Detector
- •Unicode Detector
- •Buffer Overflow Detector
- •Multiple SQL Statements Detector
- •/etc/passwd File Detector
- •/etc/shadow File Detector
- •/etc/hosts File Detector
- •Summary of Regular-Expression Constructs
- •Backslashes, escapes, and quoting
- •Line terminators
- •Unicode support
- •HTTP Status Codes
Analyzing and Customizing CodeSeeker
Customizing CodeSeekers security uses a combination of the Reporting tools and Detector Applies to, please be familiar with these two chapters prior to reading this.
Using CodeSeeker in Passive Mode, it is suggested that you run through the web application you are trying to protect to discover if CodeSeeker detectors register a desired transaction as being invalid. After you run through your application, view CodeSeeker Log tab to see if there are any alerts. If there are none, you should be comfortable that CodeSeeker will not block a desired transaction from the web application.
If the log report shows a detector alert, drill down to the individual transaction to determine the detector and specific file or location that is in question. Using the Applies column for that detector, choose Applies to the entire web server except: and enter the location (and file if necessary) that is causing the detector to go off. Remember, the detectors below the one you modified on the tree will also be affected.
Furthermore, the Summary of Regular-Expression Constructs allows you to add logic to the Applies arguments.
Butterfly Security CodeSeeker Application Security Solution Help
18