A security researcher has released a new security tool that fends off web-based attacks like cross-site scripting, SQL injections, and others. Dubbed “teler-waf”, the tool typically aims at protecting Go apps from such attacks by serving as an HTTP middleware.
About teler-waf Tool For Go Apps
The researcher Dwi Siswanto has recently rolled out an interesting security tool to assist cybersecurity teams. Named “teler-waf,” this tool serves as HTTP middleware, protecting Go apps from various web-based attacks.
According to the details Siswanto shared on GitHub, teler-waf provides teler IDS integration to offer IDS functionality in Go-based apps. It bears an easy-to-use interface and comes with a standard net/http.Handler
for swift integration within the apps’ routing.
Once integrated, it then checks every incoming request against the teler IDS to detect any malicious patterns, allowing only non-malicious requests. That’s how it prevents common web application attacks such as cross-site scripting and SQL injection.
In addition, the other key features of teler-waf include protection against botnets by detecting bad IP addresses, blocking bad crawlers and known data scrapers, and preventing brute-force and dictionary attacks.
Besides ensuring this inclusive application security, teler-waf enables users to configure the tool for URL and request whitelisting and supports swift integration across different frameworks.
teler-waf Limitations
While teler-waf exhibits impressive security features, it cannot be an inclusive protection solution. For instance, it only blocks known malicious threats and vulnerabilities. Besides, Siswanto also highlighted the probability of performance overheads following teler-waf integration, because of the time the tool will take to scan every incoming request.
Similarly, while teler-waf bears a user-friendly interface and offers swift framework integration, configuring it according to a specified app may require some technical expertise.
Nonetheless, for pro cybersecurity personnel and IT teams, teler-waf may serve as a handy tool for app security.
The researcher has shared the tool publicly as open-source on GitHub, along with detailed instructions about teler-waf’s installation and usage.
Let us know your thoughts in the comments.