Web Application firewall-Mod security
MUMBAI NULL MEET 11TH NOVEMBER 2017
Content
Web application firewall.
What is ModSecurity.
Compare ModSecurity with other WAFs.
Configure with the Apache server.
ModSecurity rules.
Attack.
Web application firewall
A firewall is the first line of defence for our web server.
A web application firewall protects the web server at the application level, that is, at the application layer of the OSI model.
Examples of web application firewalls:
1. ModSecurity (open source).
2. Cloudflare (paid).
3. Incapsula (paid).
What is ModSecurity
ModSecurity was first developed by Ivan Ristić, who wrote the module with the end goal of monitoring application traffic on the Apache HTTP Server.
ModSecurity is a free and open source web application firewall.
ModSecurity has the capability to prevent application-level attacks such as SQL injection, XSS, DoS, etc.
SpiderLabs created a paid rule set for ModSecurity.
ModSecurity is available for the Apache, IIS and Nginx servers.
The platform itself provides a rule configuration language known as 'SecRules' for real-time monitoring, logging, and filtering of Hypertext Transfer Protocol communications based on user-defined rules.
Compare ModSecurity with other WAFs
ModSecurity is open source and free.
Easy to configure with Apache, IIS and Nginx.
OWASP created a Core Rule Set (owasp-modsecurity-crs-3.0-master) for ModSecurity.
Very easy to configure.
Configure with modules
Download from here: https://www.apachehaus.com/cgi-bin/download.plx
Copy mod_security2.so to your Apache 2.4.x modules folder.
Copy libcurl.dll and yajl.dll to your Apache 2.4.x bin folder.
Copy the minimal configuration file (modsecurity-minimal.conf) to your Apache 2.4.x conf/extra folder, or copy the OWASP Core Rule Set files into the extra folder instead.
Configure with httpd.conf
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
# OWASP ModSecurity Core Rule Set Project
# Include conf/extra/modsecurity.conf-recommended
Include conf/owasp-modsecurity-crs-3.0-master/crs-setup.conf.example
Include conf/owasp-modsecurity-crs-3.0-master/rules/*.conf
# Include conf/owasp-modsecurity-crs-3.0-master/optional_rules/*.conf
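A quick sanity check for the fragment above, added here as an example and not part of the slides or of the ModSecurity, Apache or CRS projects. The Python script below embeds the httpd.conf lines from the slide as constructed input and verifies the points that most often break a first install: mod_security2 and mod_unique_id are both loaded (ModSecurity 2.x on Apache refuses to start without mod_unique_id), crs-setup.conf is included before rules/*.conf as the CRS requires, and some base ModSecurity configuration is present, either the modsecurity-minimal.conf the slides copy into conf/extra or an explicit SecRuleEngine On, because SecRuleEngine defaults to Off and the CRS rules then load without ever being enforced. The function name `check_modsecurity_config` and the `conf/extra/modsecurity-minimal.conf` include path used in the fixed variant are this example's own assumptions.

```python
# Constructed sample input: the httpd.conf fragment shown on the slide above.
HTTPD_CONF = """\
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
# OWASP ModSecurity Core Rule Set Project
# Include conf/extra/modsecurity.conf-recommended
Include conf/owasp-modsecurity-crs-3.0-master/crs-setup.conf.example
Include conf/owasp-modsecurity-crs-3.0-master/rules/*.conf
# Include conf/owasp-modsecurity-crs-3.0-master/optional_rules/*.conf
"""

# Assumed fix (this example's own choice): include the minimal config the slides
# copy into conf/extra and switch the rule engine on explicitly.
FIXED_CONF = HTTPD_CONF.replace(
    "# Include conf/extra/modsecurity.conf-recommended",
    "Include conf/extra/modsecurity-minimal.conf\nSecRuleEngine On",
)


def directives(conf):
    """Yield (directive, arguments) for every non-empty, non-comment line."""
    for line in conf.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            name, _, rest = line.partition(" ")
            yield name, rest.strip()


def check_modsecurity_config(conf):
    """Return a list of findings; an empty list means the fragment passed every check."""
    modules, includes, engine_set = [], [], False
    for name, rest in directives(conf):
        if name == "LoadModule":
            modules.append(rest.split()[0])          # e.g. security2_module
        elif name == "Include":
            includes.append(rest)
        elif name == "SecRuleEngine":
            engine_set = rest.lower() in ("on", "detectiononly")
    findings = []
    if "security2_module" not in modules:
        findings.append("mod_security2 is not loaded")
    if "unique_id_module" not in modules:
        findings.append("mod_unique_id is not loaded; ModSecurity 2.x requires it "
                        "and fails at startup without it")
    setup = [i for i, p in enumerate(includes) if "crs-setup.conf" in p]
    rules = [i for i, p in enumerate(includes) if "/rules/" in p]
    if rules and not setup:
        findings.append("CRS rules are included without crs-setup.conf")
    elif setup and rules and setup[0] > rules[0]:
        findings.append("crs-setup.conf must be included before rules/*.conf")
    # Base config: any non-CRS modsecurity*.conf include, or an explicit engine switch.
    base = any("modsecurity" in p and "crs" not in p for p in includes)
    if not base and not engine_set:
        findings.append("no base modsecurity.conf included and no SecRuleEngine On: "
                        "rules load but the engine stays Off")
    return findings


def demo():
    """Run the checker over the slide's fragment and over the fixed variant."""
    return {
        "slide": check_modsecurity_config(HTTPD_CONF),
        "fixed": check_modsecurity_config(FIXED_CONF),
    }


if __name__ == "__main__":
    for label, findings in demo().items():
        print(label, "->", findings or "OK")
```

Run against the slide's fragment the checker reports exactly one finding, the missing engine configuration, which is what you would see in practice as "rules installed, nothing ever blocked"; the fixed variant passes cleanly. Point the same function at your real httpd.conf (read the file into a string) before restarting Apache.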
ModSecurity rules
Every rule defined by SecRule conforms to the same format, as below:
SecRule VARIABLES OPERATOR [ACTIONS]
Variable
The VARIABLES specify which places to check in an HTTP transaction. Examples of variables
include ARGS (all arguments including the POST Payload), REQUEST_METHOD (request method
used in the transaction), REQUEST_HEADERS (can be used as either a collection of all of the
request headers or can be used to inspect selected headers) etc.
The full list of variables is available under
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Variables.
Operator
The OPERATOR specifies a regular expression, pattern or keyword to be checked in the
variable(s). Operators begin with the @ character.
Actions
The ACTIONS specify what to do if the rule matches. Actions are divided into seven categories: Disruptive (let ModSecurity take an action, e.g. allow, block), Flow (affect the flow, e.g. skip), Meta-data (provide more information about rules), Variable (set, change and remove variables), Logging (influence the way logging takes place), Special (provide access to another class of functionality) and Miscellaneous (actions that don't belong in any of the other groups). If no ACTIONS are provided, the default actions apply as per SecDefaultAction (phase:2,log,auditlog,pass).
The full list of actions is available under
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Actions.
Attack
SQL Injection (SQLi)
Cross Site Scripting (XSS)
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
Remote Code Execution (RCE)
PHP Code Injection
XSS Rule
The following rule is used to prevent XSS attacks by checking for a <script> pattern in the request parameters and headers; on a match it generates an 'XSS Attack' message and responds with a 404 status.
SecRule ARGS|REQUEST_HEADERS "@rx <script>" "id:101,msg:'XSS Attack',severity:ERROR,deny,status:404"
VARIABLES
ARGS – Request parameters
REQUEST_HEADERS – All of the request headers
OPERATOR
"@rx <script>" – Performs a regular expression match of the pattern (in this case <script>) provided as parameter
ACTIONS
id, msg, severity, deny, status – These are all of the actions to be performed if the pattern is matched
id:101 – The unique id that is assigned to this rule (or chain) in which it appears.
msg:'XSS Attack' – The custom message (i.e. XSS Attack) assigned to the rule (or chain) in which it appears.
severity:ERROR – The severity of the rule. Severities include EMERGENCY (0), ALERT (1), CRITICAL (2), ERROR (3), WARNING (4), NOTICE (5), INFO (6) and DEBUG (7).
deny – This stops rule processing and intercepts the transaction. This is a disruptive action.
status:404 – This specifies the response status code (404) used with the deny and redirect actions.
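To make the SecRule anatomy (VARIABLES, OPERATOR, ACTIONS, and the SecDefaultAction merge) and the XSS rule above concrete, here is an added example that is not from the slides or from the ModSecurity project: a small Python model that parses a SecRule line into its three parts, merges the slide's SecDefaultAction, and applies the @rx operator to constructed requests. It returns the disruptive verdict, status, msg and the variable that matched. The rule text is the slide's rule with its action list quoted as ModSecurity requires; the sample requests, the function names and the hardened variant (id 102 with the standard t:lowercase transformation) are this example's own assumptions. The hardened variant illustrates a caveat the slide does not mention: @rx is case-sensitive, so without a transformation the pattern <script> does not match <SCRIPT>. Only @rx and the three variables from the slide are modelled.

```python
import re

# Constructed sample input: the XSS rule from the slides, with its action list quoted
# as ModSecurity requires when an action value contains a space (msg:'XSS Attack').
XSS_RULE = ('SecRule ARGS|REQUEST_HEADERS "@rx <script>" '
            '"id:101,msg:\'XSS Attack\',severity:ERROR,deny,status:404"')
# Default actions from the slides (SecDefaultAction).
DEFAULT_ACTIONS = "phase:2,log,auditlog,pass"

SEVERITIES = {"EMERGENCY": 0, "ALERT": 1, "CRITICAL": 2, "ERROR": 3,
              "WARNING": 4, "NOTICE": 5, "INFO": 6, "DEBUG": 7}
DISRUPTIVE = {"allow", "block", "deny", "drop", "pass", "proxy", "redirect"}
RULE_RE = re.compile(r'^SecRule\s+(\S+)\s+"([^"]*)"(?:\s+"([^"]*)")?\s*$')


def parse_actions(text):
    """Split an action list on commas outside single quotes; bare actions map to True."""
    actions, transformations = {}, []
    for item in re.findall(r"(?:[^,']|'[^']*')+", text):
        key, _, value = item.strip().partition(":")
        value = value.strip("'") or True
        if key == "t":                       # t:lowercase etc. are transformations
            transformations.append(value)
        elif key:
            actions[key] = value
    return actions, transformations


def parse_rule(line, defaults=DEFAULT_ACTIONS):
    """Parse 'SecRule VARIABLES OPERATOR [ACTIONS]' and merge SecDefaultAction."""
    m = RULE_RE.match(line.strip())
    if not m:
        raise ValueError("not a SecRule line: " + line)
    variables, operator, action_text = m.groups()
    op, _, arg = operator.partition(" ")
    if not op.startswith("@"):               # a bare pattern means an implicit @rx
        op, arg = "@rx", operator
    actions, transforms = parse_actions(defaults)
    own, own_transforms = parse_actions(action_text or "")
    if DISRUPTIVE & own.keys():              # the rule's disruptive action replaces the default
        for a in DISRUPTIVE:
            actions.pop(a, None)
    actions.update(own)
    return {"variables": variables.split("|"), "operator": op, "argument": arg,
            "actions": actions, "transformations": transforms + own_transforms}


def collect(request, variable):
    """Return (name, value) pairs for one VARIABLES entry of a constructed request."""
    if variable == "ARGS":
        return list(request["args"].items())
    if variable == "REQUEST_HEADERS":
        return list(request["headers"].items())
    if variable == "REQUEST_METHOD":
        return [("REQUEST_METHOD", request["method"])]
    raise ValueError("unsupported variable " + variable)


def transform(value, transformations):
    """Apply the modelled transformations (only lowercase and none) in order."""
    for t in transformations:
        if t == "lowercase":
            value = value.lower()
        elif t != "none":
            raise ValueError("unsupported transformation " + t)
    return value


def evaluate(rule, request):
    """Apply one parsed rule to a request; returns (verdict, status, msg, matched_variable)."""
    if rule["operator"] != "@rx":
        raise ValueError("only @rx is modelled here")
    pattern = re.compile(rule["argument"])
    acts = rule["actions"]
    for var in rule["variables"]:
        for name, value in collect(request, var):
            if pattern.search(transform(value, rule["transformations"])):
                where = f"{var}:{name}"
                if "deny" in acts:           # disruptive: intercept with the configured status
                    return "deny", int(acts.get("status", 403)), acts.get("msg"), where
                return "pass", None, acts.get("msg"), where   # matched and logged, not blocked
    return "pass", None, None, None


# Constructed sample requests.
BENIGN = {"method": "GET", "args": {"q": "modsecurity rules"},
          "headers": {"User-Agent": "curl/7.64.0"}}
TAGGED_ARG = {"method": "GET", "args": {"q": "<script>test</script>"},
              "headers": {"User-Agent": "curl/7.64.0"}}
UPPER_HEADER = {"method": "GET", "args": {},
                "headers": {"Referer": "http://example.test/?x=<SCRIPT>"}}


def demo():
    """Slide rule vs. the same rule with t:lowercase (assumed hardening, id 102)."""
    rule = parse_rule(XSS_RULE)
    hardened = parse_rule(XSS_RULE.replace('"id:101,', '"id:102,t:lowercase,'))
    return {
        "benign": evaluate(rule, BENIGN),
        "tagged_arg": evaluate(rule, TAGGED_ARG),
        "upper_header_plain": evaluate(rule, UPPER_HEADER),
        "upper_header_lowercase": evaluate(hardened, UPPER_HEADER),
        "severity": SEVERITIES[rule["actions"]["severity"]],
    }


if __name__ == "__main__":
    for key, result in demo().items():
        print(key, "->", result)
```

The merge step is the part worth noticing: the parsed rule ends up with phase, log and auditlog from SecDefaultAction plus its own id, msg, severity, status and deny, while the default pass is dropped because deny is the rule's disruptive action. The last two demo entries show the same request being passed by the slide's rule and denied once t:lowercase is added, which is why production rules (including the CRS) normally carry transformations rather than relying on a literal pattern.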
DEMO
Game over
THANK YOU VERY MUCH
MUMBAI NULL
11 NOVEMBER 2017
