Web Application firewall-Mod security
MUMBAI NULL MEET 11TH NOVEMBER 2017
Content
Web application firewall.
What is ModSecurity.
Compare ModSecurity and other WAFs.
Configure with the Apache server.
ModSecurity rules.
Attack.
Web application firewall
A web application firewall is the first line of defence for our web server.
It protects our web server at the application level, that is, at the application layer of the
OSI model.
Examples of web application firewalls:
1. ModSecurity (open source).
2. Cloudflare (paid).
3. Incapsula (paid).
What is ModSecurity
ModSecurity was first developed by Ivan Ristić, who wrote the module with the end goal of
monitoring application traffic on the Apache HTTP Server.
ModSecurity is a free and open source web application firewall.
ModSecurity has the capability to prevent application-level attacks such as SQL injection, XSS, DoS etc.
SpiderLabs created a commercial (paid) rule set for ModSecurity.
ModSecurity is available for the Apache, IIS and Nginx servers.
The platform itself provides a rule configuration language known as 'SecRules' for
real-time monitoring, logging, and filtering of Hypertext Transfer Protocol
communications based on user-defined rules.
Compare ModSecurity and other WAFs
ModSecurity is open source and free.
Easy to configure with Apache, IIS and Nginx.
OWASP created a core rule set (owasp-modsecurity-crs-3.0-master) for ModSecurity.
Very easy to configure.
Configure with modules
Download from here: https://www.apachehaus.com/cgi-bin/download.plx
Copy mod_security2.so to your Apache 2.4.x modules folder.
Copy libcurl.dll and yajl.dll to your Apache 2.4.x bin folder.
Copy the minimal configuration file (modsecurity-minimal.conf) to your Apache 2.4.x conf/extra folder,
or copy the OWASP core rule set files into the extra folder instead.
Configure with httpd.conf
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
# OWASP ModSecurity Core Rule Set Project
# Include conf/extra/modsecurity.conf-recommended
Include conf/owasp-modsecurity-crs-3.0-master/crs-setup.conf.example
Include conf/owasp-modsecurity-crs-3.0-master/rules/*.conf
# Include conf/owasp-modsecurity-crs-3.0-master/optional_rules/*.conf
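To verify a fragment like the one above before reloading Apache, here is an added example in Python; it is not from the slides or from the ModSecurity project. It parses a constructed copy of the fragment, checks that both modules are loaded and that crs-setup.conf and the CRS rule files are included, and reports the SecRuleEngine setting: the modsecurity.conf-recommended file ships with SecRuleEngine DetectionOnly, which logs matches without blocking anything. LoadModule, Include and SecRuleEngine are real Apache/ModSecurity directives; the sample configuration, the helper names and the finding texts are constructed here.

```python
import re

# Constructed httpd.conf fragment: the LoadModule and Include lines from the
# slides plus the SecRuleEngine directive that decides whether a matching
# request is blocked or only logged.
SAMPLE_HTTPD_CONF = """\
LoadModule unique_id_module modules/mod_unique_id.so
LoadModule security2_module modules/mod_security2.so
# OWASP ModSecurity Core Rule Set Project
# Include conf/extra/modsecurity.conf-recommended
Include conf/owasp-modsecurity-crs-3.0-master/crs-setup.conf.example
Include conf/owasp-modsecurity-crs-3.0-master/rules/*.conf
SecRuleEngine DetectionOnly
"""


def directives(conf):
    """Yield (name, argument) for each non-comment directive line."""
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        name, _, arg = line.partition(" ")
        yield name, arg.strip()


def check_modsecurity_config(conf):
    """Return a list of findings; an empty list means the fragment is ready to block."""
    findings = []
    modules, includes, engine = set(), [], None
    for name, arg in directives(conf):
        if name == "LoadModule":
            modules.add(arg.split()[0])
        elif name == "Include":
            includes.append(arg)
        elif name.lower() == "secruleengine":
            engine = arg.lower()
    # mod_security2 refuses to start on Apache without mod_unique_id.
    if "unique_id_module" not in modules:
        findings.append("mod_unique_id not loaded: ModSecurity needs it for unique transaction IDs")
    if "security2_module" not in modules:
        findings.append("mod_security2 not loaded: no SecRule will run")
    if not any("crs-setup.conf" in i for i in includes):
        findings.append("crs-setup.conf not included: CRS rules expect the variables it defines")
    if not any(i.endswith("rules/*.conf") for i in includes):
        findings.append("CRS rules/*.conf not included: only your own rules apply")
    if engine is None:
        findings.append("SecRuleEngine not set: set it to On before relying on the WAF to block")
    elif engine == "detectiononly":
        findings.append("SecRuleEngine DetectionOnly: matches are logged but never blocked")
    elif engine == "off":
        findings.append("SecRuleEngine Off: rules are not evaluated at all")
    return findings


def set_rule_engine(conf, mode="On"):
    """Return conf with SecRuleEngine set to mode (appended if the directive is absent)."""
    pattern = re.compile(r"^\s*SecRuleEngine\s+\S+", re.IGNORECASE | re.MULTILINE)
    if pattern.search(conf):
        return pattern.sub(f"SecRuleEngine {mode}", conf)
    return conf.rstrip("\n") + f"\nSecRuleEngine {mode}\n"


if __name__ == "__main__":
    for finding in check_modsecurity_config(SAMPLE_HTTPD_CONF) or ["no findings"]:
        print(finding)
    # Same fragment with the engine switched to blocking mode: no findings remain.
    print(check_modsecurity_config(set_rule_engine(SAMPLE_HTTPD_CONF)))
```

Run it after editing httpd.conf and before `httpd -t`; DetectionOnly is the right mode while tuning the CRS against real traffic, but it must be switched to On once the false positives are handled, or the WAF never blocks.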
ModSecurity rules
Every rule defined by SecRule conforms to the same format, as below:
SecRule VARIABLES OPERATOR [ACTIONS]
Variable
The VARIABLES specify which places to check in an HTTP transaction. Examples of variables
include ARGS (all arguments including the POST Payload), REQUEST_METHOD (request method
used in the transaction), REQUEST_HEADERS (can be used as either a collection of all of the
request headers or can be used to inspect selected headers) etc.
The full list of variables is available under
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Variables.
Operator
The OPERATOR specifies a regular expression, pattern or keyword to be checked in the
variable(s). Operators begin with the @ character.
Actions
The ACTIONS specify what to do if the rule matches. Actions fall into seven categories:
Disruptive (allow ModSecurity to take an action, e.g. allow, block), Flow (affect the flow,
e.g. skip), Meta-data (provide more information about rules), Variable (set, change and
remove variables), Logging (influence the way logging takes place), Special (provide access
to another class of functionality) and Miscellaneous (actions that don't belong in any of the
other groups). If no ACTIONS are provided, the default actions apply as per SecDefaultAction
(phase:2,log,auditlog,pass).
The full list of actions is available under
https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#Actions.
Attack
SQL Injection (SQLi)
Cross Site Scripting (XSS)
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
Remote Code Execution (RCE)
PHP Code Injection
XSS Rule
The following rule is used to block XSS attacks by checking for a <script> pattern in the request
parameters and headers; on a match it generates an 'XSS Attack' message and responds with a 404 status.
The action list is quoted as a single argument so that Apache's configuration parser hands it to ModSecurity intact:
SecRule ARGS|REQUEST_HEADERS "@rx <script>" "id:101,msg:'XSS Attack',severity:ERROR,deny,status:404"
VARIABLES
ARGS – Request Parameters
REQUEST_HEADERS – All of the request headers
OPERATOR
"@rx <script>" – Performs a regular expression match of the pattern (in this case <script>)
provided as parameter
ACTIONS
id, msg, severity, deny, status – These are all of the actions to be performed if the pattern is
matched
id:101 – The unique id that is assigned to this rule (or chain) in which it appears.
msg:'XSS Attack' – The custom message (i.e. XSS Attack) assigned to the rule (or chain) in which
it appears.
severity:ERROR – The severity of the rule. Severities include EMERGENCY (0), ALERT (1),
CRITICAL (2), ERROR (3), WARNING (4), NOTICE (5), INFO (6) and DEBUG (7).
deny – This stops rule processing and intercepts the transaction. This is a disruptive action.
status:404 – This specifies the response status code (404) used with the deny and redirect actions.
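To make the VARIABLES / OPERATOR / ACTIONS split concrete, here is an added example that is not code from the slides or from ModSecurity itself: a small Python evaluator that parses the XSS rule above and runs it against constructed requests. It models only the ARGS, REQUEST_HEADERS and REQUEST_METHOD variables, the @rx, @contains and @streq operators and the t:lowercase transformation, and merges in the SecDefaultAction defaults quoted above (phase:2,log,auditlog,pass), with the rule's deny replacing the default pass. A second rule with t:lowercase is constructed here to show the effect of a transformation function: the slide's rule has none, so it matches only a literal lowercase <script>. The request dictionaries are constructed samples, not captured traffic.

```python
import re
import shlex

# Rule from the slides, with the action list quoted as one argument.
XSS_RULE = ('SecRule ARGS|REQUEST_HEADERS "@rx <script>" '
            '"id:101,msg:\'XSS Attack\',severity:ERROR,deny,status:404"')

# Constructed variant: t:lowercase transforms each value before @rx runs.
XSS_RULE_LOWER = ('SecRule ARGS|REQUEST_HEADERS "@rx <script>" '
                  '"id:102,msg:\'XSS Attack\',severity:ERROR,t:lowercase,deny,status:404"')

# Defaults the slides quote for SecDefaultAction.
DEFAULT_ACTIONS = {"phase": "2", "log": None, "auditlog": None, "pass": None}
DISRUPTIVE = {"allow", "block", "deny", "drop", "pass", "proxy", "redirect"}

OPERATORS = {
    "rx": lambda arg, value: re.search(arg, value) is not None,
    "contains": lambda arg, value: arg in value,
    "streq": lambda arg, value: arg == value,
}


def parse_actions(text):
    """Turn "id:101,msg:'XSS Attack',t:lowercase,deny" into a dict.
    Quoted values may contain commas; every t: entry is collected in a list."""
    actions = {}
    for name, value in re.findall(r"(\w+)(?::('[^']*'|[^,]+))?", text):
        value = value.strip("'") if value else None
        if name == "t":
            actions.setdefault("t", []).append(value)
        else:
            actions[name] = value
    return actions


def parse_secrule(line):
    """Split a SecRule line into VARIABLES, OPERATOR and the merged ACTIONS."""
    parts = shlex.split(line)
    if len(parts) < 3 or parts[0] != "SecRule":
        raise ValueError("not a SecRule line")
    if not parts[2].startswith("@"):
        raise ValueError("operators begin with @")
    op_name, _, op_arg = parts[2][1:].partition(" ")
    rule_actions = parse_actions(parts[3]) if len(parts) > 3 else {}
    # A disruptive action given in the rule replaces the default one (pass).
    actions = {k: v for k, v in DEFAULT_ACTIONS.items()
               if k not in DISRUPTIVE or not (DISRUPTIVE & set(rule_actions))}
    actions.update(rule_actions)
    return {"variables": parts[1].split("|"), "operator": op_name,
            "argument": op_arg, "actions": actions}


def collect(variable, request):
    """Expand one VARIABLES entry into (name, value) pairs from a request dict."""
    if variable == "ARGS":
        return list(request.get("args", {}).items())
    if variable == "REQUEST_HEADERS":
        return list(request.get("headers", {}).items())
    if variable == "REQUEST_METHOD":
        return [("REQUEST_METHOD", request.get("method", ""))]
    raise ValueError(f"variable {variable} not modelled here")


def transform(value, transforms):
    """Apply the rule's t: transformation functions in order."""
    for t in transforms or []:
        if t == "lowercase":
            value = value.lower()
        elif t != "none":
            raise ValueError(f"transformation {t} not modelled here")
    return value


def evaluate(rule, request):
    """Return the verdict: which variable matched (if any) and the resulting status."""
    op = OPERATORS[rule["operator"]]
    acts = rule["actions"]
    disruptive = next(a for a in acts if a in DISRUPTIVE)
    for variable in rule["variables"]:
        for name, value in collect(variable, request):
            if op(rule["argument"], transform(value, acts.get("t"))):
                # deny answers with status if given, otherwise ModSecurity's 403.
                status = int(acts.get("status", 403)) if disruptive == "deny" else None
                return {"matched": True, "where": f"{variable}:{name}", "id": acts.get("id"),
                        "msg": acts.get("msg"), "action": disruptive, "status": status}
    return {"matched": False, "where": None, "id": acts.get("id"),
            "msg": None, "action": None, "status": None}


# Constructed sample requests.
BENIGN = {"method": "GET", "args": {"q": "modsecurity secrule syntax"},
          "headers": {"Host": "www.example.test", "User-Agent": "curl/7.64.0"}}
TAGGED_ARG = {"method": "GET", "args": {"q": "<script>alert(1)</script>"},
              "headers": {"Host": "www.example.test"}}
TAGGED_HEADER = {"method": "GET", "args": {},
                 "headers": {"Host": "www.example.test",
                             "Referer": "http://www.example.test/?x=<script>"}}
UPPERCASE_ARG = {"method": "GET", "args": {"q": "<SCRIPT>alert(1)</SCRIPT>"},
                 "headers": {"Host": "www.example.test"}}

if __name__ == "__main__":
    for label, rule_text in [("rule 101", XSS_RULE), ("rule 102 (t:lowercase)", XSS_RULE_LOWER)]:
        rule = parse_secrule(rule_text)
        for name, req in [("benign", BENIGN), ("arg", TAGGED_ARG),
                          ("header", TAGGED_HEADER), ("uppercase", UPPERCASE_ARG)]:
            print(label, name, evaluate(rule, req))
```

Real ModSecurity runs the transformation functions before the operator for every rule, and the CRS rules lean on them heavily; that is one reason to deploy the CRS rather than relying only on hand-written literal patterns such as the one on the slide.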
DEMO
Game over
THANK YOU VERY MUCH
MUMBAI NULL
11 NOVEMBER 2017
