Shadow Daemon is a collection of tools to detect, protocol and prevent attacks on web applications. Technically speaking, Shadow Daemon is a web application firewall that intercepts requests and filters out malicious parameters. It is a modular system that separates web application, analysis and interface to increase security, flexibility and expandability.
Shadow Daemon is easy to install and can be managed with a clear and structured web interface. The interface lets you examine attacks in great detail. If you just want to protect your site, but otherwise do not care about attacks you can forget about the web interface once Shadow Daemon is installed and configured. The interface also comes with shell scripts that can be used to send weekly reports via e-mail, rotate the logs and the like.
Shadow Daemon strives to be a single solution for all popular web languages. At the moment the following programming languages are supported:
Shadow Daemon combines white and blacklisting to accurately detect malicious requests. The blacklist makes use of sophisticated regular expressions to search for known attack patterns in the user input. The whitelist on the other hand searches for irregularities in the user input based on strict rules that define how the input should look like. Together they can detect almost any attack on a web application and still have a very low false-positive rate.
Shadow Daemon is able to detect common attacks like:
- SQL Injections
- XML Injections
- Code Injections
- Command Injections
- Cross-Site Scripting
- Local/Remote File Inclusions
- Backdoor Access
Unlike many other web application firewalls Shadow Daemon does not completely block malicious requests. Instead it only filters out the dangerous parts of a request and lets it proceed afterwards. This makes attacks impossible, but does not unnecessary frustrate visitors in the case of false-positives.
Shadow Daemon is closer to the application than most other web application firewalls. It receives exactly the same input that the web application receives and thus it is almost impossible to bypass the detection by obfuscating the attack. However, the most complex parts of Shadow Daemon are separated from the web application to guarantee a certain standard of security.
You can get Shadow Daemon here:
dpkg -i shadowd_1.1.3-1_*.deb
apt-get -f install
apt-get install shadowd
Red Hat / CentOS / Fedora
rpm -i shadowd-1.1.3-1.*.rpm
Or read more here.