This project tries to achieve:

  • Protection of web applications by analyzing and filtering user input
  • Coverage of all common web languages with a single solution
  • Simple, secure and auditable modules
  • Deterministic and reproducible behaviour
  • Quality over quantity


Partly done

  • Localization

Nice to have

  • Graphical representation of attacks
  • Iterative learning in shadowd, i.e. do not store all requests in learning mode
  • Support of HTTP security headers for additional security
  • Decoding filters for user input, e.g., base64, xml, json and yml