Foundations
This project tries to achieve:
- Protection of web applications by analyzing and filtering user input
- Coverage of all common web languages with a single solution
- Simple, secure and auditable modules
- Deterministic and reproducible behaviour
- Quality over quantity
Pending
Partly done
- Localization
Nice to have
- Graphical representation of attacks
- Iterative learning in shadowd, i.e., do not store all requests in learning mode
- Support for HTTP security headers for additional security
- Decoding filters for user input, e.g., Base64, XML, JSON and YAML