Information Security FAQ
The Information Technology Promotion Agency (IPA) has released iLogScanner, a tool for detecting web site attacks.
iLogScanner is a tool that detects traces from the web server access log that appear to be attacks on the weak points of web applications. It has achieved the ability to analyze a server's web access log, a job that until now required persons with special skills. Now, however, with iLogScanner, anyone can perform this task easily and can confirm immediately whether there are traces of a dangerous attack on the web site.
iLogScanner can detect the following types of attacks on web applications.
- SQL injection
- OS commands and injections
- Directory traversal
- Cross site scripting
- Other (Attacks aimed at avoiding an intrusion detection system (IDS)
Types of web application attacks that the iLogScanner's software analysis can detect, in detailed cases.
- Possibility of attack on the same URL from the same IP address
- Possibility of an SQL injection not recorded in the access log
- Possibility of an attack targeting flaws in server settings
(Note) All traces that appear to be attacks cannot be covered nor detected with certainty. Mistakes in detection will also occur.
Microsoft Windows Vista (32bit)
Microsoft Windows 7 (32bit/64bit)
Microsoft Windows 8 (32bit/64bit)
Microsoft Windows 8.1 (32bit/64bit)
Internet Explorer 8 upper
Java Runtime Environment 6 upper
Logs to be analyzed:
Access log format:
・W3C extended log file examples (IIS6.0/7.0/7.5/8.0/8.5)
・Log file examples (IIS6.0/7.0/7.5/8.0/8.5)
・Apache HTTP Server 1.3 / 2.0 / 2.2 / 2.4 common type system (custom-format)
Error log format:
・Apache HTTP Server 2.0 / 2.2 / 2.4,
・ModSecurity 2.5 / 2.6 / 2.7 / 2.8 Type system
Look at the application for the iLogScanner of the Information Technology Promotion Agency (IPA), then carry out analysis of your web site.