A developer has released a new tool for Go applications that is designed to combat web-based attacks.
Developer and security engineer Dwi Siswanto revealed the open source teler-waf software on January 2. The 24-year-old said on Twitter that the technology was designed to “improve the security of Go-based web applications”.
Available on GitHub, teler-waf acts as HTTP middleware, with an interface for integrating intrusion detection system (IDS) functionality into existing applications.
Teler-waf’s security functions include protection against common web-based threats, such as cross-site scripting (XSS) attacks and SQL injections.
Furthermore, the tool will detect bad IP addresses linked to known threat actors and botnets; malicious HTTP referers, crawlers, and scrapers suspected of causing performance issues or performing illicit data scraping; and locations associated with directory-based brute-force attacks.
Under the bonnet
Speaking to The Daily Swig, Dwi, who developed teler-waf independently, said the software has several benefits.
A key feature, for example, is the use of datasets updated daily that track known vulnerabilities and malicious patterns of attack. External resources include information from the PHPIDS project, CVE lists from the Project Discovery team, and collections sourced from the Nginx Ultimate Bad Bot Blocker and Crawler Detect.
In addition, teler-waf comes with a net/http handler for integration with application routing functionality, which Dwi said “makes it easy to integrate into any framework and [is] also highly configurable, allowing it to be tailored to the specific needs of a given web application.
“When a client makes a request to a route protected by teler-waf, the request is first checked against the teler IDS to detect known malicious patterns,“ the developer says. “If no malicious patterns are detected, the request is then passed through for further processing.”
Show and teler
Dwi is also the creator of teler, a real-time HTTP intrusion detection and threat alert system.
He told us that the popularity of the Go framework persuaded him to adapt teler IDS to resemble a past project, AntiScanScanClub, an automatic website scan blocker package.
“My goal was to use teler IDS functionality not only for detection, but also for early prevention,” he explains. “I could say that teler-waf is a progress from the AntiScanScanClub.”
At this time, there is no formal development timeline, although there are hopes for future contributors to join and some milestones are “still being determined”.
Teler-waf’s inaugural and current release, v0.0.1, is labeled as experimental.
Dwi said: “It [is] experimental because there are currently some TODO lists I [have] to revisit that need to be addressed, which might be major changes that could affect both configuration and performance. I hope that teler-waf will become stable and ready for use in production in the near future.”
As Go continues to increase in popularity, other developers have also released tools to protect applications built using the language. In December, for instance, Viktor Chuchurski and Alessandro Cotto released Safeurl, software designed to thwart server-side request forgery (SSRF) attacks.
Source: https://portswigger.net/daily-swig/meet-teler-waf-security-focused-http-middleware-for-the-go-framework