ModSecurity_Core_Rules.pdf
"The Core Rule Set": Generic detection of application layer attacks
Ofer Shezaf
ModSecurity Core Rule Set Project Leader
CTO, Breach Security
Web Application Firewalls vs. Intrusion Prevention Systems
Multiple Deployment Modes
[Diagram: three deployment layouts, each showing a Firewall and a Web Server]
In-line mode
Embedded mode
Out of line mode
Three Protection Strategies for WAFs
1. External patching
   Also known as "just-in-time patching" or "virtual patching".
2. Positive security model
   An independent input validation envelope.
   Rules must be adjusted to the application.
   Automated and continuous learning (to adjust for changes) is the key.
3. Negative security model (IPS?)
   Looking for bad stuff, mostly signature based.
   Generic but requires some tweaking for each application.
Virtual Patching
Testing reveals that the login field is vulnerable to SQL injection.
Login names cannot include characters other than alphanumeric characters.
The following rule will help:
<LocationMatch "^/app/login.asp$">
    SecRule ARGS:username "!^\w+$" "deny,log"
</LocationMatch>
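The rule above, as an added example that is not part of the deck or of ModSecurity itself: a small Python emulation of how that virtual patch is evaluated (a LocationMatch scope, a negated default @rx operator over ARGS:username, and deny/log actions) against constructed sample requests. The parser covers only the rule subset shown on the slide; the names Rule, parse_secrule, rule_matches and decide are this example's own, and the sample requests are constructed. It also makes the deck's tuning caveat concrete: a strict alphanumeric whitelist rejects legitimate names that contain an apostrophe or a non-ASCII letter, so the rule has to be adjusted to what the application really accepts.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Rule text copied from the slide; the <LocationMatch> scope is carried separately.
LOCATION = r"^/app/login.asp$"
RULE_TEXT = r'SecRule ARGS:username "!^\w+$" "deny,log"'


@dataclass
class Rule:
    collection: str                  # "ARGS"
    name: Optional[str]              # "username", or None for the whole collection
    negate: bool                     # a leading "!" inverts the operator result
    pattern: re.Pattern              # the @rx operator (ModSecurity's default operator)
    actions: tuple                   # e.g. ("deny", "log")
    location: Optional[re.Pattern]   # <LocationMatch> scope, if any


def parse_secrule(line: str, location: Optional[str] = None) -> Rule:
    """Parse the subset of SecRule syntax used on the slide:
    SecRule VARIABLE "[!][@rx ]PATTERN" "action,action"."""
    m = re.fullmatch(r'\s*SecRule\s+(\S+)\s+"(.*?)"\s+"(.*?)"\s*', line)
    if not m:
        raise ValueError(f"unsupported rule syntax: {line!r}")
    variable, operator, actions = m.groups()
    collection, _, name = variable.partition(":")
    negate = operator.startswith("!")
    if negate:
        operator = operator[1:]
    if operator.startswith("@rx "):
        operator = operator[len("@rx "):]
    elif operator.startswith("@"):
        raise ValueError("only the @rx operator is emulated here")
    # PCRE's \w is ASCII-only by default; re.ASCII mirrors that behaviour.
    return Rule(
        collection,
        name or None,
        negate,
        re.compile(operator, re.ASCII),
        tuple(a.strip() for a in actions.split(",")),
        re.compile(location) if location else None,
    )


def rule_matches(rule: Rule, path: str, args: dict) -> bool:
    """True when the rule fires for a request with this path and query/body args."""
    if rule.location is not None and not rule.location.search(path):
        return False                       # outside the <LocationMatch> scope
    if rule.collection != "ARGS":
        raise ValueError("only the ARGS collection is emulated here")
    if rule.name is None:
        values = list(args.values())
    elif rule.name in args:
        values = [args[rule.name]]
    else:
        values = []                        # variable absent: nothing to test, no match
    for value in values:
        hit = rule.pattern.search(value) is not None
        if hit != rule.negate:             # "!" fires when the pattern does NOT match
            return True
    return False


def decide(rules: list, path: str, args: dict) -> str:
    """Return 'deny' if any firing rule carries the deny action, else 'pass'."""
    for rule in rules:
        if rule_matches(rule, path, args) and "deny" in rule.actions:
            return "deny"
    return "pass"


VIRTUAL_PATCH = [parse_secrule(RULE_TEXT, LOCATION)]

# Constructed sample requests (not traffic from the deck).
SAMPLES = [
    ("/app/login.asp", {"username": "alice", "password": "hunter2"}),  # normal login
    ("/app/login.asp", {"username": "admin'--", "password": "x"}),     # quote in the field
    ("/app/search.asp", {"username": "admin'--"}),                     # outside the scope
    ("/app/login.asp", {"password": "x"}),                             # username absent
    ("/app/login.asp", {"username": "o'brien"}),                       # legitimate, but rejected
    ("/app/login.asp", {"username": "élodie"}),                        # non-ASCII letter, rejected
]

if __name__ == "__main__":
    for path, args in SAMPLES:
        print(f"{path} username={args.get('username')!r} -> {decide(VIRTUAL_PATCH, path, args)}")
```

The last two samples are the point of the positive-model caveat: the patch blocks the quote that made the SQL injection possible, but it also blocks every user whose real name contains an apostrophe or an accented letter, which is why the deck says such rules must be adjusted to the application rather than deployed generically.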