This talk combines two of the OWASP Top 10 security risks:
* Injection (A1:2017): We use a simple application that is exploitable through an injection, then secure it with ModSecurity.
* Insufficient Logging & Monitoring (A10:2017): We log and monitor the application, both with and without ModSecurity, using the open source Elastic Stack.
To make it more interactive, the audience performs the injections, which we then monitor live and mitigate with ModSecurity.
28. ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.
@xeraa
29. OWASP ModSecurity Core Rule Set (CRS) Version 3
• HTTP Protocol Protection
• Real-time Blacklist Lookups
• HTTP Denial of Service Protections
• Generic Web Attack Protection
• Error Detection and Hiding
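The following is an added example, not a configuration from the talk or from the ModSecurity or CRS projects. It shows what slides 28 and 29 describe in practice: a minimal ModSecurity 2.x (Apache) configuration for the scenario of the talk, a `read.php?id=...` endpoint that is first only monitored and then protected, with the audit log written as JSON so it can be shipped to the Elastic Stack, a local rule that virtually patches the `id` parameter, and the OWASP Core Rule Set loaded for generic protection. The log path, the CRS include paths and the rule id are assumptions.

```apache
# Added example, not from the talk: minimal ModSecurity 2.x configuration
# for a read.php?id=... endpoint. Paths and the rule id are assumptions.

# DetectionOnly only logs matches (the "monitoring without blocking"
# phase of the talk). Switch to On to actually enforce deny actions.
SecRuleEngine DetectionOnly

# Without body access, POST parameters are invisible to the rules.
SecRequestBodyAccess On

# Audit log as JSON so Filebeat/Logstash can ship it to Elasticsearch
# without a multi-line parser for the native format. RelevantOnly keeps
# only transactions that triggered a rule or matched the status regex
# (5xx and 4xx except 404).
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogType Serial
SecAuditLogFormat JSON
SecAuditLog /var/log/apache2/modsec_audit.json   # assumed path
SecAuditLogParts ABIJDEFHZ

# Virtual patch for the vulnerable endpoint: the id parameter of read.php
# must be a positive integer, anything else is rejected in phase 2
# (after the request body is read) before it reaches PHP.
# Rule id 100001 is an assumption from the range left free for local rules.
# Note: if no id parameter is present, ARGS:id is empty and the chain does
# not match, so the rule does not cover "missing id".
SecRule REQUEST_FILENAME "@endsWith /read.php" \
    "id:100001,phase:2,chain,deny,status:403,log,\
    msg:'read.php: non-numeric id parameter',tag:'local/injection'"
    SecRule ARGS:id "!@rx ^[0-9]+$"

# Generic web attack protection: load the OWASP CRS after the local rules.
Include /etc/modsecurity/crs/crs-setup.conf      # assumed path
Include /etc/modsecurity/crs/rules/*.conf        # assumed path
```

The targeted rule is deliberately an allow-list (only digits pass) rather than a block-list of SQL keywords: sqlmap's tamper scripts are built to evade keyword matching, but they cannot turn `1 OR 1=1` into a string that matches `^[0-9]+$`. Run with `SecRuleEngine DetectionOnly` first, check that the JSON audit log shows the injection attempts with rule id 100001, then switch to `On`.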
30. Commercial Rules from Trustwave SpiderLabs
• Virtual Patching
• IP Reputation
• Web-based Malware Detection
• Webshell / Backdoor Detection
• Botnet Attack Detection
• HTTP Denial of Service (DoS) Attack Detection
31. Run sqlmap again (--purge clears sqlmap's data directory first, so the re-run against the now protected application does not reuse results cached from the first run)
python sqlmap.py --url "https://xeraa.wtf:8080/read.php?id=1" --purge