SlideShare une entreprise Scribd logo

Web Application Firewall intro

Télécharger en tant que PPTX, PDF
Rich Helton
Rich Helton
LogicielsTechnologie
1  sur  110
Introduction to Web Application Firewalls From Rich Helton’s October 2010 Web Application Firewall classes
WAF ( A quick fix)  Instead of rewriting code, some potentially quicker methods is to put an application to intercept the HTTP traffic ahead of the HTTP server known as a Web Application Firewall (WAF).  The WAF takes configurations like a normal firewall on what traffic to pass and reject. The difference is that it is responding specifically to an HTTP server like Apache or IIS.  For Apache, the most popular approach is to use its Open Source plugin called mod_security. http://www.modsecurity.org/  For IIS, WebKnight from AQTronix, http://aqtronix.com/?PageID=99 is the most popular Open Source solution.  Not everything can be covered by a WAF, especially session hijacking flaws, but XSS and SQL Injection can be mitigated. http://www.owasp.org/index.php/Category:OWASP_Best_Practices: _Use_of_Web_Application_Firewalls
WAF ( Not just a server fix)  WAFs are filters that sit in front of the Web Application.  Depending on their configuration, they will deny, or log, validated information from the Internet into the Application.  They are a good source in auditing the information that is hitting the Web site and the scans that are constantly taking place.
Pro’s and Con’s  Pro’s:  Installing a WAF is quicker, in most cases, than changing code and re- deploying a Web Application.  WAF’s may find issues, by using its rule sets, that the code may not be prepared to find. This is because WAFs have thousands of rules generated by industry experts.  Con’s: WAFs are limited by the rules that are installed in them. Therefore, if the rule is not there, it cannot protect against it. Validation is a better protection, because form level validation will use white-listing on what input is allowed, versus black-listing on the input that is denied.
ModSecurity/Apache Labs
Lab1 (Applying Tomcat)
Tomcat will need Apache  Starting Apache:  If there is an error, run the “StartApache.bat” in the lab and observe the error. Likely Apache may already be started.  Check Apache by IE http://localhost/ and it returns:
Tomcat will need Apache  To link Tomcat and Apache, the mod_jk module will need to be installed, see http://tomcat.apache.org/connectors-doc/ . Also known as the Tomcat Connector. Note: Tomcat can also use Microsoft’s IIS, instead of Apache, utilizing the Microsoft ISAPI plugin.  The easiest way to install the mod_jk connector is to have Tomcat generate “conf/auto/mod_jk.conf” from its Container and have Apache reference it from its “conf/httpd.conf” file:  LoadModule jk_module modules/mod_jk.so  Include C:/Apache2/apache-tomcat-6.0.28/conf/auto/mod_jk.conf  See http://www.johnturner.com/howto/apache2-tomcat4129-jk- winxp-howto.html
Tomcat will need Apache
Tomcat will need Apache  Start in “C:LabsLab_Mod_JK”. Run the “TestApacheConfig.bat”  The Apache directory is pre-installed in “C:Apache2”.  Tomcat will be pre-installed in “C:Apache2apache-tomcat- 6.0.28”
Tomcat will need Apache  You might receive the following screen from the generated mod_jk.conf:  The mod_jk.conf is generated from Tomcat and is running an old version of Tomcat. This file can be edited and copied to a new location and referenced, such as “C:Apache2apache-tomcat- 6.0.28conf” .
Installing mod_jk  mod_jk is the module that Tomcat and Apache will use to communicate. The C:Apache2apache-tomcat- 6.0.28confautomod_jk.conf file is generated from Tomcat at startup to tell Apache which files are available.  The Apache httpd.conf is configured to find the mod_jk.so module and configuration files by adding the following lines:  This is both in the Lab1 directory and already modified.
Installing mod_jk  Notice that the mod_jk.log will log the communications from Apache to Tomcat.  A workers.properties also has to be created in the $tomcat/conf to describe the ajp13 (mod_jk protocol) threads across port 8009.  Tomcat’s server.xml also has to be modified to listen with the mod_jk.so file:
Starting Tomcat/Apache  After a successful Start in Apache, and running C:Apache2apache-tomcat-6.0.28binstartup.bat . You can see it is successful by looking at the logs for an exceptions (look for the keyword exception in the files) and a successful start:
Port 8009  Port 8009 was used in the configuration workers.properties and server.xml to communicate between Apache and Tomcat. Using a product like fport.exe from Foundstone, the port should appear to be open and listening from java starting it, notice port 8009:
Now Try a Struts XSS Sample  Calling http://localhost/mandiant-struts-form- vulnerable/index.jsp
Now Try a Struts XSS Sample  Typing in the XSS “<script>alert(123)</script>”, XSS appears:
Lab2 (Adding ModSecurity)
Apache mod_security  The mod_security module information can be found at http://www.modsecurity.org/  Load the mod_security and unique id modules (this example is XP) in conf/httpd.conf:  LoadModule security2_module modules/mod_security2.so  LoadModule unique_id_module modules/mod_unique_id.so  Add the base configuration and some of the base rules:  Include conf/mod_security.conf  Include conf/base_rules/modsecurity_crs_41_xss_attacks.conf  Include conf/base_rules/modsecurity_crs_23_request_limits.conf  Include conf/base_rules/modsecurity_crs_35_bad_robots.conf  Include conf/base_rules/modsecurity_crs_40_generic_attacks.conf  Include conf/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
Apache mod_unique_id  The modules/mod_unique_id.so has to be installed for mod_security to work.  To check to see which modules are currently being used by Apache, run httpd –t –D DUMP_MODULES from the Apache2/bin directory:
Apache mod_unique_id  Ensuring that the field is set in Apache2/httpd.conf :  Now run httpd –t –D DUMP_MODULES from the Apache2/bin directory:
Apache mod_security2  Copying the libxml2.dll, mod_security2.so, and pcre.dll to Apache2/modules, and adding the following to httpd.conf :  Now run httpd –t –D DUMP_MODULES from the Apache2/bin directory to see security2_module:
mod_security2 minimal configuration  Changing the modsecurity.conf-minimal to modsecurity.conf, the httpd.conf needs to call it:  Setting the rules to “500 Internal Server Error”, the XSS now returns an error code of 500:
Testing which rules may apply  http://www.modsecurity.org/demo/phpids has a smoketest to verify which rules may apply
ModSecurity Template for Building Rules
Lab3 (Manipulating Rules)
Apache mod_security logs  The mod_security logs show what the mod_security blocked.  If the minimal configuration was used with mod_security, it will send which rule that it blocked on to the “Apache2/logs/mod_audit.log.”  The log will match a rule that will define, usually through a Regex expression, the blocking sequence.  To log, the location of the logs need to be defined, as well as their level of logging. SecAuditEngine On Enables audit logging for all transactions. SecAuditEngine RelevantOnly Enables audit logging only for transactions that match a rule, or that have a status code that matches the regular expression configured via SecAuditLo- gRelevantStatus. SecAuditEngine Off Disables audit logging.
Defining logging (modsecurity.conf)
What do the mod_audit log say?  It blocked the mandiant page for the following reasons:
What do the mod_audit log say?  Looking closer,  It appears that the phids filter identified “<scri” as XSS.
What do the mod_audit log say?  Looking closer,  It appears that the phids filter identified “<scri” as XSS.
A simple test  Let’s see what happens when we remove the 41_phids_filters.conf  I am going to leave Tomcat running, it is not processing the rules, only Apache.  I am going to stop Apache, delete the 41_phids_filters.conf file, test the configuration, and start Apache.  The Apache configuration tested good, always test with changes…
This time it didn’t block, but triggered an audit rule  In the modsecurity_crs_41_xss_attacks.conf, it says pass and audit:
Conclusion  Adding the file 41_phids_filters.conf back in will start the process to block again.  Another alternative is to set the xss_attacks.conf rule to block by changing the rule from changing “pass” to “deny”.  There are many, many rules, and more than likely, they overlap in some manner.  This exercise was to show how to manipulate the rules just in case some of them block normal business activities.
Lab4 (Logging Only)
Startup  Ensure that Apache is set to block XSS with phids rules as before.  In this exercise, we will simply log and not block.  By default, modsecurity only logs, so we need to simply commit out the deny statement in the httpd.conf, after stopping Apache, check the config, and restart Apache.
XSS passes through  This time XSS passes through
The XSS alerts are logged  In the audit log we see the phpids alerts for XSS, along with the other rules as well. This is because it was not blocked by the phpids alert and kept going:
Lets test some tools (scanning with Netsparker)
It found XSS (scanning with Netsparker)
ModSecurity audit logs  When Netsparker scanned the site, the audit logs went from 32 KB to 732 KB. This is because it was capturing the NetSparker attacks.
Turning on “deny” again (XSS went away)
Conclusions  The most interesting part of this exercise is that we have the ability to capture an audit log , without blocking anything, and understand what attacks are hitting the web site.
Lab5 (FingerPrinting)
Startup  Ensure that Apache is set to block XSS with phids rules as before.  By knowing the Web Server type, and patches, it provides hackers a roadmap of what attacks to perform.  ModSecurity can fake the signature.  Changing the httpd.conf:
HttpPrint scans our type (Apache)
Let’s pretend to be an IIS machine  Changing the httpd.conf:  And the mod_security.conf:
Now we are Apache appearing as IIS 5.0
WebKnight/IIS Labs
Lab1 (Starting IIS/Hacme Bank)
WebKnight  WebKnight is an Open Source Web Application Firewall from AQTronix, http://aqtronix.com/?PageID=99  IIS 5.1 and SQL Server 2008 be installed from (Need ISO/Disk for XP while Installing) Web Platform Installer http://www.microsoft.com/web/downloads/platform.aspx  What also will prove useful is the Web Visual Studio 2010 Express, http://www.microsoft.com/web/downloads/platform.aspx  The version of HacmeBank is an updated version of HacmeBank to work on the modern .NET frameworks, it may work with versions 2.0 – 4.0. It was updated from the older versions found at http://www.owasp.org/index.php/OWASP_O2_Platform/WIKI/U sing_O2_on:_HacmeBank
Ensure IIS is started and HacmeBank installed (Control Panel-> Administrative Tools->Internet Information Services)
Webknight  HacmeBank has 3 main pieces:  The Hacme_Bank_V2_WS – Hacme Bank Web Service that will provide the Login web service to the Database, has .asmx files.  The Hacme_Bank_V2_Website – provides the asp files for the pages and forms.  The FoundStone_Bank Database will have to be installed.
FoundStone_Bank DB (SQL Server Management Studio)
Installing FoundStone_Bank DB  With the newer source code, there is a both a sql script and installer for the Database:
Visual Studio Web Express  Most of the management can be done by Visual Studio:
.NET Version  Be very aware of which .NET version is set for the Web Site, it will change many things.
Test the Hacme Web Service  http://localhost/HacmeBank_v2_WS/WebServices/UserManagement.asmx
Test the Hacme Web Service  Login Service, user “jv”, password “jv789”.
Test the Hacme Web Service  Return of “0001” means that it found it in the database.
Test the Hacme Web Site  http://localhost/HacmeBank_v2_Website/aspx/Login.aspx, UserName “jv”, Password “jv789”.
Test the Hacme Web Site  Joe Vilella will Login OK.
Lab2 (SQL Injection Test)
Intro to SQL Injection…  Many web pages communicate directly to a backend database for processing.  For example, a username and password is asked for on the Web page and the web page will pass it to the database to validate the information.  Some applications will not validate the field adequately before passing it to the database, and the database will process whatever it will receive.  Hackers will pass SQL commands directly to the database, and in some cases tables like “passwords” are returned because the SQL commands are not being filtered adequately.  SQL may return errors in the web page that even lists the correct tables to query so that the hacker may make more accurate attempts to get data.
SQL Injection  SQL Injection is the ability to inject malicious SQL commands into the backend code.  For example: SELECT * FROM users WHERE username = ‘USRTEXT ' AND password = ‘PASSTEXT’  Passing ' OR 1=1-- in the USRTEXT field generates: SELECT * FROM users WHERE username = ‘’ OR 1=1 -- ' AND password = ‘PASSTEXT’  The OR 1=1 returns true and the rest is commented out
Common attack strings ‘ or 27(hex) – delineates SQL string values. “ or 22 (hex) – also delineates SQL string values. ; or 3B (hex) - terminates statements. # or 23(hex) - also terminates a statement. (Access DB) /* or 2F2A (hex) - comment delimiter. -- or 2D2D (hex) – also comment delimiter. ( or 28 (hex) or ) or 29 (hex) – logical sub clauses. { or 7B (hex) or } or 7D (hex) – terminates a question. exec – used to call MS-SQL stored procedures. union – a SQL command very common to SQL injection.
SQL Injection  http://localhost/HacmeBank_v2_Website/aspx/Login.aspx, use “' OR 1=1–” as the UserName and “Submit”.
SQL Injection  Joe Vilella will Login OK without a Username and Password.
Common Code fixes to SQL Injection…  Validate the form field to only accept specific input for the fields.  For example, for login name use ^[0-9a-zA-Z]*$, which is Regular expressions for an alpha-numerical field.  For Apache Struts, use the org.apache.struts.validator.ValidatorPlugin, http://www.owasp.org/index.php/Data_Validation_(Code_Review) .  For JSPs/Servlets, validate in the Servlet using the with the “java.utile.regex” framework in a similar manner.  Don’t use SQL  Use Prepared Statements, or Hibernate, to call the database. http://www.owasp.org/index.php/Preventing_SQL_Injection_in_Jav a
Lab3 (XSS)
XSS in a form http://localhost/HacmeBank_v2_Website/aspx/main.aspx?function =PostMessageForm , type “<script>alert(document.cookie);</script>”
XSS  The cookie script will execute
Lab4 (Install WebKnight)
WebKnight  A copy will be in MyDocuments:
WebKnight  The WebKnight page is http://aqtronix.com/?PageID=99  How to install can be found at http://aqtronix.com/?PageID=99#Install  The WebKnight FAQ can be found at http://aqtronix.com/?PageID=114 and troubleshooting http://aqtronix.com/?PageID=114#trouble
WebKnight  Starting the Install:
WebKnight  Hit Typical:
WebKnight  Already done:
SQL Injection  http://localhost/HacmeBank_v2_Website/aspx/Login.aspx, use “' OR 1=1–” as the UserName and “Submit”.
SQL Injection  Out of the Box, it blocked SQL Injection.
Lab5 (WebKnight)
WebKnight  The Webknight product has a Loaded .xml that shows what is currently loaded, a WebKnight.xml on what needs to be loaded next and a Robots.xml dedicated to Bots.  If you ever get into trouble, you can delete the WebKnight.XML and the default will be created.  WebKnight has preview settings to look at online http://www.aqtronix.com/WebKnight/Manual/WebKnight.xml  Make sure you edit the file WebKnight.xml and NOT Loaded.xml (this last one is for debugging and to see what is loaded in memory).  Once every minute, the Loaded.xml will replace itself with the WebKnight.xml.
WebKnight  The Webknight product has editors for looking at the logs and xml:  That are read from the AQTRONIX directory in Program Files:
WebKnight  You can even edit the WebKnight.XML directly if desired:
WebKnight  We don’t really know what was blocked. Looking at Log Anaylsis, part of the block was a shadow file:
WebKnight Loaded XML  WebKnight has several sections to configure sections of the configuration file.
WebKnight  By default, file uploads, Frontpage Extensions, WebDAV, ASP.NET and many protocols are turned off…..
WebKnight Logging  What to log can be specified
WebKnight Authentication  We can deny blank passwords, Admin passwords, common passwords , etc.
WebKnight Robots  We can deny Bots of various kinds.
WebKnight Robots.xml  Webknight aggressively attacks Bots, http://www.aqtronix.com/?PageID=114
WebKnight Robots.xml  Webknight has a Robots.xml just to configure for this effort:
Lab6 (Config WebKnight)
Configuring WebKnight  Configuring WebKnight is mostly a combination of going between testing the site for desired results, looking at WebKnight’s Log Analysis to validate if the desired results match perceived results,a and using the WebKnight Configuration tool to change the results until they meet the desired outcome.  Always stop/start IIS after the changes.  WebKnight has preview settings to look at online http://www.aqtronix.com/WebKnight/Manual/WebKnight.xml  Make sure you edit the file WebKnight.xml and NOT Loaded.xml (this last one is for debugging and to see what is loaded in memory).
WebKnight  Looking back at WebKnight, the shadow.txtbox.gif appears as a shadow file and was blocked.
WebKnight  We set WebKnight to temporarily allow all files as test and Soap calls. Wait a minute for it to load as a Loaded.XML.
WebKnight  Now we can log in.
WebKnight  And SQL Injection is blocked.
WebKnight  Logging Only, instead of blocking, set the Incident Response section to “Response Log Only”.
SQL Injection  Joe Vilella will Login OK without a Username and Password.
SQL Injection  Joe Vilella will Login OK without a Username and Password.
Lab7 (NetSparker)
Configuring WebKnight  Ensure that WebKnight is in Logging Only mode from the last exercise.  Ensure that Netsparker is installed, if not install it from the “My Documents” directory. It will require the .NET 3.5 framework.
Start scanning with Netsparker
If you are in Logging Only mode  If in Logging Only Mode, Netsparker will report many issues with the Hacme site.  The WebKnight logs will have many alerts in it from NetSparker attacking IIS.
Turn off the Logging Only mode  Double check by both checking the Loaded.xml and test the site for SQLInjection.
Rescan with the Logging Only mode off
The scan is cleaner  If there is time, we can go through the WebKnight.xml, change some settings, test, and continue to reconfigure WebKnight to get the optimal results.
Final Thoughts
Final Thoughts  Are there any Questions?  Feel free to contact me at rich.helton@state.co.us  Also, always only try these tools with your own test site or with permission of the system owner.

Recommandé

Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewalldavidjohnrace
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod securityRomansh Yadav
 
FIREWALL
FIREWALL FIREWALL
FIREWALL Akash R
 

Recommandé

Web Application Firewall
Web Application FirewallWeb Application Firewall
Web Application FirewallChandrapal Badshah
 
Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)Computer Security and Intrusion Detection(IDS/IPS)
Computer Security and Intrusion Detection(IDS/IPS)LJ PROJECTS
 
Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1Introduction to IDS & IPS - Part 1
Introduction to IDS & IPS - Part 1whitehat 'People'
 
Benefits of Web Application Firewall
Benefits of Web Application FirewallBenefits of Web Application Firewall
Benefits of Web Application Firewalldavidjohnrace
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
Palo alto networks product overview
Palo alto networks product overviewPalo alto networks product overview
Palo alto networks product overviewBelsoft
 
Web Application firewall-Mod security
Web Application firewall-Mod securityWeb Application firewall-Mod security
Web Application firewall-Mod securityRomansh Yadav
 
FIREWALL
FIREWALL FIREWALL
FIREWALL Akash R
 
Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark TutorialCoursenvy.com
 
Dmz
Dmz Dmz
Dmz أحلام انصارى
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPSSantosh Khadsare
 
Siber güvenlik ve hacking
Siber güvenlik ve hackingSiber güvenlik ve hacking
Siber güvenlik ve hackingAlper Başaran
 
FortiWeb
FortiWebFortiWeb
FortiWebAlireza Akrami
 
Scada Sistemleri ve Güvenliği
Scada Sistemleri ve GüvenliğiScada Sistemleri ve Güvenliği
Scada Sistemleri ve GüvenliğiAhmet Gürel
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentationyogendrasinghchahar
 
Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attackstollen_fusion
 
Ccna
CcnaCcna
CcnaAdityaKumar1548
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
Aircrack
AircrackAircrack
AircrackMuhammadHanzalah6
 
Ports and protocols
Ports and protocolsPorts and protocols
Ports and protocolssiva rama
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)david rom
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdflamtran367679
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kalin|u - The Open Security Community
 
Port forwarding
Port forwardingPort forwarding
Port forwardingRonak Mehta
 
Temel ağ bilgisi
Temel ağ bilgisiTemel ağ bilgisi
Temel ağ bilgisiBegüm Erol
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 
Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application FirewallPort80 Software
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 

Contenu connexe

Tendances

Siber güvenlik ve hacking
Siber güvenlik ve hackingSiber güvenlik ve hacking
Siber güvenlik ve hackingAlper Başaran
 
Scada Sistemleri ve Güvenliği
Scada Sistemleri ve GüvenliğiScada Sistemleri ve Güvenliği
Scada Sistemleri ve GüvenliğiAhmet Gürel
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration TestingBGA Cyber Security
 
Ports and protocols
Ports and protocolsPorts and protocols
Ports and protocolssiva rama
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)david rom
 
Temel ağ bilgisi
Temel ağ bilgisiTemel ağ bilgisi
Temel ağ bilgisiBegüm Erol
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMIftikhar Ali Iqbal
 

Tendances (20)

Wireshark Tutorial
Wireshark TutorialWireshark Tutorial
Wireshark Tutorial
 
Dmz
Dmz Dmz
Dmz
 
IDS and IPS
IDS and IPSIDS and IPS
IDS and IPS
 
Siber güvenlik ve hacking
Siber güvenlik ve hackingSiber güvenlik ve hacking
Siber güvenlik ve hacking
 
FortiWeb
FortiWebFortiWeb
FortiWeb
 
Scada Sistemleri ve Güvenliği
Scada Sistemleri ve GüvenliğiScada Sistemleri ve Güvenliği
Scada Sistemleri ve Güvenliği
 
Firewall presentation
Firewall presentationFirewall presentation
Firewall presentation
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
DoS or DDoS attack
DoS or DDoS attackDoS or DDoS attack
DoS or DDoS attack
 
Ccna
CcnaCcna
Ccna
 
Mobile Application Penetration Testing
Mobile Application Penetration TestingMobile Application Penetration Testing
Mobile Application Penetration Testing
 
Aircrack
AircrackAircrack
Aircrack
 
Ports and protocols
Ports and protocolsPorts and protocols
Ports and protocols
 
Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)Five Major Types of Intrusion Detection System (IDS)
Five Major Types of Intrusion Detection System (IDS)
 
[9] Firewall.pdf
[9] Firewall.pdf[9] Firewall.pdf
[9] Firewall.pdf
 
Wireless Cracking using Kali
Wireless Cracking using KaliWireless Cracking using Kali
Wireless Cracking using Kali
 
Port forwarding
Port forwardingPort forwarding
Port forwarding
 
Temel ağ bilgisi
Temel ağ bilgisiTemel ağ bilgisi
Temel ağ bilgisi
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
McAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEMMcAfee - Enterprise Security Manager (ESM) - SIEM
McAfee - Enterprise Security Manager (ESM) - SIEM
 

En vedette

Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application FirewallPort80 Software
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesBrian A. McHenry
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...Neil Matatall
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationTjylen Veselyj
 
Web Application Firewalls Detection, Bypassing And Exploitation
Web Application Firewalls Detection, Bypassing And ExploitationWeb Application Firewalls Detection, Bypassing And Exploitation
Web Application Firewalls Detection, Bypassing And ExploitationSandro Gauci
 
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)Mirantis
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack ArchitectureMirantis
 

En vedette (11)

Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application Firewall
 
Evolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About VulnerabilitiesEvolution of WAF - Stop Worrying About Vulnerabilities
Evolution of WAF - Stop Worrying About Vulnerabilities
 
Valtion yhteinen tietoliikenneratkaisu - VY-verkko yhdistää turvalli-sesti kä...
Valtion yhteinen tietoliikenneratkaisu - VY-verkko yhdistää turvalli-sesti kä...Valtion yhteinen tietoliikenneratkaisu - VY-verkko yhdistää turvalli-sesti kä...
Valtion yhteinen tietoliikenneratkaisu - VY-verkko yhdistää turvalli-sesti kä...
 
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...2009: Securing Applications With Web Application Firewalls and Vulnerability ...
2009: Securing Applications With Web Application Firewalls and Vulnerability ...
 
Web Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combinationWeb Application Firewall (WAF) DAST/SAST combination
Web Application Firewall (WAF) DAST/SAST combination
 
Web Application Firewalls Detection, Bypassing And Exploitation
Web Application Firewalls Detection, Bypassing And ExploitationWeb Application Firewalls Detection, Bypassing And Exploitation
Web Application Firewalls Detection, Bypassing And Exploitation
 
Security in Cloud Computing
Security in Cloud ComputingSecurity in Cloud Computing
Security in Cloud Computing
 
DDoS Attacks
DDoS AttacksDDoS Attacks
DDoS Attacks
 
Cloud security ppt
Cloud security pptCloud security ppt
Cloud security ppt
 
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
2 Day Bootcamp for OpenStack--Cloud Training by Mirantis (Preview)
 
OpenStack Architecture
OpenStack ArchitectureOpenStack Architecture
OpenStack Architecture
 

Similaire à Web Application Firewall intro

Integrating tomcat with apache
Integrating tomcat with apacheIntegrating tomcat with apache
Integrating tomcat with apachegovindraj8787
 
Java Web Security Class
Java Web Security ClassJava Web Security Class
Java Web Security ClassRich Helton
 
apresentacao_apache2..
apresentacao_apache2..apresentacao_apache2..
apresentacao_apache2..webhostingguy
 
apresentacao_apache2..
apresentacao_apache2..apresentacao_apache2..
apresentacao_apache2..webhostingguy
 
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...Niels de Bruijn
 
Using aphace-as-proxy-server
Using aphace-as-proxy-serverUsing aphace-as-proxy-server
Using aphace-as-proxy-serverHARRY CHAN PUTRA
 
Apache Tomcat 8 Application Server
Apache Tomcat 8 Application ServerApache Tomcat 8 Application Server
Apache Tomcat 8 Application Servermohamedmoharam
 
ubantu mod security
ubantu mod securityubantu mod security
ubantu mod securityKunal gupta
 
High Performance Web Sites
High Performance Web SitesHigh Performance Web Sites
High Performance Web SitesRavi Raj
 
C sharp and asp.net interview questions
C sharp and asp.net interview questionsC sharp and asp.net interview questions
C sharp and asp.net interview questionsAkhil Mittal
 
Tomcat Configuration (1)
Tomcat Configuration (1)Tomcat Configuration (1)
Tomcat Configuration (1)nazeer pasha
 
Using Apache as an Application Server
Using Apache as an Application ServerUsing Apache as an Application Server
Using Apache as an Application ServerPhil Windley
 

Similaire à Web Application Firewall intro (20)

Integrating tomcat with apache
Integrating tomcat with apacheIntegrating tomcat with apache
Integrating tomcat with apache
 
Java Web Security Class
Java Web Security ClassJava Web Security Class
Java Web Security Class
 
Apache - Quick reference guide
Apache - Quick reference guideApache - Quick reference guide
Apache - Quick reference guide
 
Download It
Download ItDownload It
Download It
 
apresentacao_apache2..
apresentacao_apache2..apresentacao_apache2..
apresentacao_apache2..
 
apresentacao_apache2..
apresentacao_apache2..apresentacao_apache2..
apresentacao_apache2..
 
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
Single Sign-On for APEX applications based on Kerberos (Important: latest ver...
 
Using aphace-as-proxy-server
Using aphace-as-proxy-serverUsing aphace-as-proxy-server
Using aphace-as-proxy-server
 
Apache Tomcat 8 Application Server
Apache Tomcat 8 Application ServerApache Tomcat 8 Application Server
Apache Tomcat 8 Application Server
 
ubantu mod security
ubantu mod securityubantu mod security
ubantu mod security
 
High Performance Web Sites
High Performance Web SitesHigh Performance Web Sites
High Performance Web Sites
 
C sharp and asp.net interview questions
C sharp and asp.net interview questionsC sharp and asp.net interview questions
C sharp and asp.net interview questions
 
Jakarta struts
Jakarta strutsJakarta struts
Jakarta struts
 
bjhbj
bjhbjbjhbj
bjhbj
 
Caching By Nyros Developer
Caching By Nyros DeveloperCaching By Nyros Developer
Caching By Nyros Developer
 
PHP {in}security
PHP {in}securityPHP {in}security
PHP {in}security
 
Tomcat 6: Evolving our server
Tomcat 6: Evolving our serverTomcat 6: Evolving our server
Tomcat 6: Evolving our server
 
Apache ppt
Apache pptApache ppt
Apache ppt
 
Tomcat Configuration (1)
Tomcat Configuration (1)Tomcat Configuration (1)
Tomcat Configuration (1)
 
Using Apache as an Application Server
Using Apache as an Application ServerUsing Apache as an Application Server
Using Apache as an Application Server
 

Plus de Rich Helton

Java for Mainframers
Java for MainframersJava for Mainframers
Java for MainframersRich Helton
 
I pad uicatalog_lesson02
I pad uicatalog_lesson02I pad uicatalog_lesson02
I pad uicatalog_lesson02Rich Helton
 
Mongo db rev001.
Mongo db rev001.Mongo db rev001.
Mongo db rev001.Rich Helton
 
NServicebus WCF Integration 101
NServicebus WCF Integration 101NServicebus WCF Integration 101
NServicebus WCF Integration 101Rich Helton
 
AspMVC4 start101
AspMVC4 start101AspMVC4 start101
AspMVC4 start101Rich Helton
 
Entity frameworks101
Entity frameworks101Entity frameworks101
Entity frameworks101Rich Helton
 
Tumbleweed intro
Tumbleweed introTumbleweed intro
Tumbleweed introRich Helton
 
Salesforce Intro
Salesforce IntroSalesforce Intro
Salesforce IntroRich Helton
 
LEARNING  iPAD STORYBOARDS IN OBJ-­‐C LESSON 1
LEARNING  iPAD STORYBOARDS IN OBJ-­‐C LESSON 1LEARNING  iPAD STORYBOARDS IN OBJ-­‐C LESSON 1
LEARNING  iPAD STORYBOARDS IN OBJ-­‐C LESSON 1Rich Helton
 
Learning C# iPad Programming
Learning C# iPad ProgrammingLearning C# iPad Programming
Learning C# iPad ProgrammingRich Helton
 
First Steps in Android
First Steps in AndroidFirst Steps in Android
First Steps in AndroidRich Helton
 
Python For Droid
Python For DroidPython For Droid
Python For DroidRich Helton
 
Spring Roo Rev005
Spring Roo Rev005Spring Roo Rev005
Spring Roo Rev005Rich Helton
 
Overview of CSharp MVC3 and EF4
Overview of CSharp MVC3 and EF4Overview of CSharp MVC3 and EF4
Overview of CSharp MVC3 and EF4Rich Helton
 
C#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalC#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalRich Helton
 

Plus de Rich Helton (20)

Java for Mainframers
Java for MainframersJava for Mainframers
Java for Mainframers
 
I pad uicatalog_lesson02
I pad uicatalog_lesson02I pad uicatalog_lesson02
I pad uicatalog_lesson02
 
Mongo db rev001.
Mongo db rev001.Mongo db rev001.
Mongo db rev001.
 
NServicebus WCF Integration 101
NServicebus WCF Integration 101NServicebus WCF Integration 101
NServicebus WCF Integration 101
 
AspMVC4 start101
AspMVC4 start101AspMVC4 start101
AspMVC4 start101
 
Entity frameworks101
Entity frameworks101Entity frameworks101
Entity frameworks101
 
Tumbleweed intro
Tumbleweed introTumbleweed intro
Tumbleweed intro
 
Azure rev002
Azure rev002Azure rev002
Azure rev002
 
Salesforce Intro
Salesforce IntroSalesforce Intro
Salesforce Intro
 
LEARNING  iPAD STORYBOARDS IN OBJ-­‐C LESSON 1
LEARNING  iPAD STORYBOARDS IN OBJ-­‐C LESSON 1LEARNING  iPAD STORYBOARDS IN OBJ-­‐C LESSON 1
LEARNING  iPAD STORYBOARDS IN OBJ-­‐C LESSON 1
 
Learning C# iPad Programming
Learning C# iPad ProgrammingLearning C# iPad Programming
Learning C# iPad Programming
 
First Steps in Android
First Steps in AndroidFirst Steps in Android
First Steps in Android
 
NServiceBus
NServiceBusNServiceBus
NServiceBus
 
Python For Droid
Python For DroidPython For Droid
Python For Droid
 
Spring Roo Rev005
Spring Roo Rev005Spring Roo Rev005
Spring Roo Rev005
 
Python Final
Python FinalPython Final
Python Final
 
Overview of CSharp MVC3 and EF4
Overview of CSharp MVC3 and EF4Overview of CSharp MVC3 and EF4
Overview of CSharp MVC3 and EF4
 
Adobe Flex4
Adobe Flex4 Adobe Flex4
Adobe Flex4
 
C#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalC#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 Final
 
Jira Rev002
Jira Rev002Jira Rev002
Jira Rev002
 

Dernier

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...soniya singh
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyFrank van der Linden
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Intelisync
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityNeo4j
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Modelsaagamshah0812
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - InfographicHr365.us smith
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEOrtus Solutions, Corp
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfkalichargn70th171
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...MyIntelliSource, Inc.
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptkotipi9215
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVshikhaohhpro
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio, Inc.
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 

Dernier (20)

Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
Russian Call Girls in Karol Bagh Aasnvi ➡️ 8264348440 💋📞 Independent Escort S...
 
Engage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The UglyEngage Usergroup 2024 - The Good The Bad_The Ugly
Engage Usergroup 2024 - The Good The Bad_The Ugly
 
Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)Introduction to Decentralized Applications (dApps)
Introduction to Decentralized Applications (dApps)
 
EY_Graph Database Powered Sustainability
EY_Graph Database Powered SustainabilityEY_Graph Database Powered Sustainability
EY_Graph Database Powered Sustainability
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
Asset Management Software - Infographic
Asset Management Software - InfographicAsset Management Software - Infographic
Asset Management Software - Infographic
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASEBATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
BATTLEFIELD ORM: TIPS, TACTICS AND STRATEGIES FOR CONQUERING YOUR DATABASE
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdfThe Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
The Essentials of Digital Experience Monitoring_ A Comprehensive Guide.pdf
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
chapter--4-software-project-planning.ppt
chapter--4-software-project-planning.pptchapter--4-software-project-planning.ppt
chapter--4-software-project-planning.ppt
 
Optimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTVOptimizing AI for immediate response in Smart CCTV
Optimizing AI for immediate response in Smart CCTV
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed DataAlluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
Alluxio Monthly Webinar | Cloud-Native Model Training on Distributed Data
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 

Web Application Firewall intro

  • 1. Introduction to Web Application Firewalls From Rich Helton’s October 2010 Web Application Firewall classes
  • 2. WAF ( A quick fix)  Instead of rewriting code, some potentially quicker methods is to put an application to intercept the HTTP traffic ahead of the HTTP server known as a Web Application Firewall (WAF).  The WAF takes configurations like a normal firewall on what traffic to pass and reject. The difference is that it is responding specifically to an HTTP server like Apache or IIS.  For Apache, the most popular approach is to use its Open Source plugin called mod_security. http://www.modsecurity.org/  For IIS, WebKnight from AQTronix, http://aqtronix.com/?PageID=99 is the most popular Open Source solution.  Not everything can be covered by a WAF, especially session hijacking flaws, but XSS and SQL Injection can be mitigated. http://www.owasp.org/index.php/Category:OWASP_Best_Practices: _Use_of_Web_Application_Firewalls
  • 3. WAF ( Not just a server fix)  WAFs are filters that sit in front of the Web Application.  Depending on their configuration, they will deny, or log, validated information from the Internet into the Application.  They are a good source in auditing the information that is hitting the Web site and the scans that are constantly taking place.
  • 4. Pro’s and Con’s  Pro’s:  Installing a WAF is quicker, in most cases, than changing code and re- deploying a Web Application.  WAF’s may find issues, by using its rule sets, that the code may not be prepared to find. This is because WAFs have thousands of rules generated by industry experts.  Con’s: WAFs are limited by the rules that are installed in them. Therefore, if the rule is not there, it cannot protect against it. Validation is a better protection, because form level validation will use white-listing on what input is allowed, versus black-listing on the input that is denied.
  • 7. Tomcat will need Apache  Starting Apache:  If there is an error, run the “StartApache.bat” in the lab and observe the error. Likely Apache may already be started.  Check Apache by IE http://localhost/ and it returns:
  • 8. Tomcat will need Apache  To link Tomcat and Apache, the mod_jk module will need to be installed, see http://tomcat.apache.org/connectors-doc/ . Also known as the Tomcat Connector. Note: Tomcat can also use Microsoft’s IIS, instead of Apache, utilizing the Microsoft ISAPI plugin.  The easiest way to install the mod_jk connector is to have Tomcat generate “conf/auto/mod_jk.conf” from its Container and have Apache reference it from its “conf/httpd.conf” file:  LoadModule jk_module modules/mod_jk.so  Include C:/Apache2/apache-tomcat-6.0.28/conf/auto/mod_jk.conf  See http://www.johnturner.com/howto/apache2-tomcat4129-jk- winxp-howto.html
  • 10. Tomcat will need Apache  Start in “C:LabsLab_Mod_JK”. Run the “TestApacheConfig.bat”  The Apache directory is pre-installed in “C:Apache2”.  Tomcat will be pre-installed in “C:Apache2apache-tomcat- 6.0.28”
  • 11. Tomcat will need Apache  You might receive the following screen from the generated mod_jk.conf:  The mod_jk.conf is generated from Tomcat and is running an old version of Tomcat. This file can be edited and copied to a new location and referenced, such as “C:Apache2apache-tomcat- 6.0.28conf” .
  • 12. Installing mod_jk  mod_jk is the module that Tomcat and Apache will use to communicate. The C:Apache2apache-tomcat- 6.0.28confautomod_jk.conf file is generated from Tomcat at startup to tell Apache which files are available.  The Apache httpd.conf is configured to find the mod_jk.so module and configuration files by adding the following lines:  This is both in the Lab1 directory and already modified.
  • 13. Installing mod_jk  Notice that the mod_jk.log will log the communications from Apache to Tomcat.  A workers.properties also has to be created in the $tomcat/conf to describe the ajp13 (mod_jk protocol) threads across port 8009.  Tomcat’s server.xml also has to be modified to listen with the mod_jk.so file:
  • 14. Starting Tomcat/Apache  After a successful Start in Apache, and running C:Apache2apache-tomcat-6.0.28binstartup.bat . You can see it is successful by looking at the logs for an exceptions (look for the keyword exception in the files) and a successful start:
  • 15. Port 8009  Port 8009 was used in the configuration workers.properties and server.xml to communicate between Apache and Tomcat. Using a product like fport.exe from Foundstone, the port should appear to be open and listening from java starting it, notice port 8009:
  • 16. Now Try a Struts XSS Sample  Calling http://localhost/mandiant-struts-form- vulnerable/index.jsp
  • 17. Now Try a Struts XSS Sample  Typing in the XSS “<script>alert(123)</script>”, XSS appears:
  • 19. Apache mod_security  The mod_security module information can be found at http://www.modsecurity.org/  Load the mod_security and unique id modules (this example is XP) in conf/httpd.conf:  LoadModule security2_module modules/mod_security2.so  LoadModule unique_id_module modules/mod_unique_id.so  Add the base configuration and some of the base rules:  Include conf/mod_security.conf  Include conf/base_rules/modsecurity_crs_41_xss_attacks.conf  Include conf/base_rules/modsecurity_crs_23_request_limits.conf  Include conf/base_rules/modsecurity_crs_35_bad_robots.conf  Include conf/base_rules/modsecurity_crs_40_generic_attacks.conf  Include conf/base_rules/modsecurity_crs_41_sql_injection_attacks.conf
  • 20. Apache mod_unique_id  The modules/mod_unique_id.so has to be installed for mod_security to work.  To check to see which modules are currently being used by Apache, run httpd –t –D DUMP_MODULES from the Apache2/bin directory:
  • 21. Apache mod_unique_id  Ensuring that the field is set in Apache2/httpd.conf :  Now run httpd –t –D DUMP_MODULES from the Apache2/bin directory:
  • 22. Apache mod_security2  Copying the libxml2.dll, mod_security2.so, and pcre.dll to Apache2/modules, and adding the following to httpd.conf :  Now run httpd –t –D DUMP_MODULES from the Apache2/bin directory to see security2_module:
  • 23. mod_security2 minimal configuration  Changing the modsecurity.conf-minimal to modsecurity.conf, the httpd.conf needs to call it:  Setting the rules to “500 Internal Server Error”, the XSS now returns an error code of 500:
  • 24. Testing which rules may apply  http://www.modsecurity.org/demo/phpids has a smoketest to verify which rules may apply
  • 27. Apache mod_security logs  The mod_security logs show what the mod_security blocked.  If the minimal configuration was used with mod_security, it will send which rule that it blocked on to the “Apache2/logs/mod_audit.log.”  The log will match a rule that will define, usually through a Regex expression, the blocking sequence.  To log, the location of the logs need to be defined, as well as their level of logging. SecAuditEngine On Enables audit logging for all transactions. SecAuditEngine RelevantOnly Enables audit logging only for transactions that match a rule, or that have a status code that matches the regular expression configured via SecAuditLo- gRelevantStatus. SecAuditEngine Off Disables audit logging.
  • 29. What do the mod_audit log say?  It blocked the mandiant page for the following reasons:
  • 30. What do the mod_audit log say?  Looking closer,  It appears that the phids filter identified “<scri” as XSS.
  • 31. What do the mod_audit log say?  Looking closer,  It appears that the phids filter identified “<scri” as XSS.
  • 32. A simple test  Let’s see what happens when we remove the 41_phids_filters.conf  I am going to leave Tomcat running, it is not processing the rules, only Apache.  I am going to stop Apache, delete the 41_phids_filters.conf file, test the configuration, and start Apache.  The Apache configuration tested good, always test with changes…
  • 33. This time it didn’t block, but triggered an audit rule  In the modsecurity_crs_41_xss_attacks.conf, it says pass and audit:
  • 34. Conclusion  Adding the file 41_phids_filters.conf back in will start the process to block again.  Another alternative is to set the xss_attacks.conf rule to block by changing the rule from changing “pass” to “deny”.  There are many, many rules, and more than likely, they overlap in some manner.  This exercise was to show how to manipulate the rules just in case some of them block normal business activities.
  • 36. Startup  Ensure that Apache is set to block XSS with phids rules as before.  In this exercise, we will simply log and not block.  By default, modsecurity only logs, so we need to simply commit out the deny statement in the httpd.conf, after stopping Apache, check the config, and restart Apache.
  • 37. XSS passes through  This time XSS passes through
  • 38. The XSS alerts are logged  In the audit log we see the phpids alerts for XSS, along with the other rules as well. This is because it was not blocked by the phpids alert and kept going:
  • 39. Lets test some tools (scanning with Netsparker)
  • 40. It found XSS (scanning with Netsparker)
  • 41. ModSecurity audit logs  When Netsparker scanned the site, the audit logs went from 32 KB to 732 KB. This is because it was capturing the NetSparker attacks.
  • 42. Turning on “deny” again (XSS went away)
  • 43. Conclusions  The most interesting part of this exercise is that we have the ability to capture an audit log , without blocking anything, and understand what attacks are hitting the web site.
  • 45. Startup  Ensure that Apache is set to block XSS with phids rules as before.  By knowing the Web Server type, and patches, it provides hackers a roadmap of what attacks to perform.  ModSecurity can fake the signature.  Changing the httpd.conf:
  • 46. HttpPrint scans our type (Apache)
  • 47. Let’s pretend to be an IIS machine  Changing the httpd.conf:  And the mod_security.conf:
  • 48. Now we are Apache appearing as IIS 5.0
  • 51. WebKnight  WebKnight is an Open Source Web Application Firewall from AQTronix, http://aqtronix.com/?PageID=99  IIS 5.1 and SQL Server 2008 be installed from (Need ISO/Disk for XP while Installing) Web Platform Installer http://www.microsoft.com/web/downloads/platform.aspx  What also will prove useful is the Web Visual Studio 2010 Express, http://www.microsoft.com/web/downloads/platform.aspx  The version of HacmeBank is an updated version of HacmeBank to work on the modern .NET frameworks, it may work with versions 2.0 – 4.0. It was updated from the older versions found at http://www.owasp.org/index.php/OWASP_O2_Platform/WIKI/U sing_O2_on:_HacmeBank
  • 52. Ensure IIS is started and HacmeBank installed (Control Panel-> Administrative Tools->Internet Information Services)
  • 53. Webknight  HacmeBank has 3 main pieces:  The Hacme_Bank_V2_WS – Hacme Bank Web Service that will provide the Login web service to the Database, has .asmx files.  The Hacme_Bank_V2_Website – provides the asp files for the pages and forms.  The FoundStone_Bank Database will have to be installed.
  • 54. FoundStone_Bank DB (SQL Server Management Studio)
  • 55. Installing FoundStone_Bank DB  With the newer source code, there is a both a sql script and installer for the Database:
  • 56. Visual Studio Web Express  Most of the management can be done by Visual Studio:
  • 57. .NET Version  Be very aware of which .NET version is set for the Web Site, it will change many things.
  • 58. Test the Hacme Web Service  http://localhost/HacmeBank_v2_WS/WebServices/UserManagement.asmx
  • 59. Test the Hacme Web Service  Login Service, user “jv”, password “jv789”.
  • 60. Test the Hacme Web Service  Return of “0001” means that it found it in the database.
  • 61. Test the Hacme Web Site  http://localhost/HacmeBank_v2_Website/aspx/Login.aspx, UserName “jv”, Password “jv789”.
  • 62. Test the Hacme Web Site  Joe Vilella will Login OK.
  • 64. Intro to SQL Injection…  Many web pages communicate directly to a backend database for processing.  For example, a username and password is asked for on the Web page and the web page will pass it to the database to validate the information.  Some applications will not validate the field adequately before passing it to the database, and the database will process whatever it will receive.  Hackers will pass SQL commands directly to the database, and in some cases tables like “passwords” are returned because the SQL commands are not being filtered adequately.  SQL may return errors in the web page that even lists the correct tables to query so that the hacker may make more accurate attempts to get data.
  • 65. SQL Injection  SQL Injection is the ability to inject malicious SQL commands into the backend code.  For example: SELECT * FROM users WHERE username = ‘USRTEXT ' AND password = ‘PASSTEXT’  Passing ' OR 1=1-- in the USRTEXT field generates: SELECT * FROM users WHERE username = ‘’ OR 1=1 -- ' AND password = ‘PASSTEXT’  The OR 1=1 returns true and the rest is commented out
  • 66. Common attack strings ‘ or 27(hex) – delineates SQL string values. “ or 22 (hex) – also delineates SQL string values. ; or 3B (hex) - terminates statements. # or 23(hex) - also terminates a statement. (Access DB) /* or 2F2A (hex) - comment delimiter. -- or 2D2D (hex) – also comment delimiter. ( or 28 (hex) or ) or 29 (hex) – logical sub clauses. { or 7B (hex) or } or 7D (hex) – terminates a question. exec – used to call MS-SQL stored procedures. union – a SQL command very common to SQL injection.
  • 67. SQL Injection  http://localhost/HacmeBank_v2_Website/aspx/Login.aspx, use “' OR 1=1–” as the UserName and “Submit”.
  • 68. SQL Injection  Joe Vilella will Login OK without a Username and Password.
  • 69. Common Code fixes to SQL Injection…  Validate the form field to only accept specific input for the fields.  For example, for login name use ^[0-9a-zA-Z]*$, which is Regular expressions for an alpha-numerical field.  For Apache Struts, use the org.apache.struts.validator.ValidatorPlugin, http://www.owasp.org/index.php/Data_Validation_(Code_Review) .  For JSPs/Servlets, validate in the Servlet using the with the “java.utile.regex” framework in a similar manner.  Don’t use SQL  Use Prepared Statements, or Hibernate, to call the database. http://www.owasp.org/index.php/Preventing_SQL_Injection_in_Jav a
  • 71. XSS in a form http://localhost/HacmeBank_v2_Website/aspx/main.aspx?function =PostMessageForm , type “<script>alert(document.cookie);</script>”
  • 72. XSS  The cookie script will execute
  • 74. WebKnight  A copy will be in MyDocuments:
  • 75. WebKnight  The WebKnight page is http://aqtronix.com/?PageID=99  How to install can be found at http://aqtronix.com/?PageID=99#Install  The WebKnight FAQ can be found at http://aqtronix.com/?PageID=114 and troubleshooting http://aqtronix.com/?PageID=114#trouble
  • 79. SQL Injection  http://localhost/HacmeBank_v2_Website/aspx/Login.aspx, use “' OR 1=1–” as the UserName and “Submit”.
  • 80. SQL Injection  Out of the Box, it blocked SQL Injection.
  • 82. WebKnight  The Webknight product has a Loaded .xml that shows what is currently loaded, a WebKnight.xml on what needs to be loaded next and a Robots.xml dedicated to Bots.  If you ever get into trouble, you can delete the WebKnight.XML and the default will be created.  WebKnight has preview settings to look at online http://www.aqtronix.com/WebKnight/Manual/WebKnight.xml  Make sure you edit the file WebKnight.xml and NOT Loaded.xml (this last one is for debugging and to see what is loaded in memory).  Once every minute, the Loaded.xml will replace itself with the WebKnight.xml.
  • 83. WebKnight  The Webknight product has editors for looking at the logs and xml:  That are read from the AQTRONIX directory in Program Files:
  • 84. WebKnight  You can even edit the WebKnight.XML directly if desired:
  • 85. WebKnight  We don’t really know what was blocked. Looking at Log Anaylsis, part of the block was a shadow file:
  • 86. WebKnight Loaded XML  WebKnight has several sections to configure sections of the configuration file.
  • 87. WebKnight  By default, file uploads, Frontpage Extensions, WebDAV, ASP.NET and many protocols are turned off…..
  • 88. WebKnight Logging  What to log can be specified
  • 89. WebKnight Authentication  We can deny blank passwords, Admin passwords, common passwords , etc.
  • 90. WebKnight Robots  We can deny Bots of various kinds.
  • 91. WebKnight Robots.xml  Webknight aggressively attacks Bots, http://www.aqtronix.com/?PageID=114
  • 92. WebKnight Robots.xml  Webknight has a Robots.xml just to configure for this effort:
  • 94. Configuring WebKnight  Configuring WebKnight is mostly a combination of going between testing the site for desired results, looking at WebKnight’s Log Analysis to validate if the desired results match perceived results,a and using the WebKnight Configuration tool to change the results until they meet the desired outcome.  Always stop/start IIS after the changes.  WebKnight has preview settings to look at online http://www.aqtronix.com/WebKnight/Manual/WebKnight.xml  Make sure you edit the file WebKnight.xml and NOT Loaded.xml (this last one is for debugging and to see what is loaded in memory).
  • 95. WebKnight  Looking back at WebKnight, the shadow.txtbox.gif appears as a shadow file and was blocked.
  • 96. WebKnight  We set WebKnight to temporarily allow all files as test and Soap calls. Wait a minute for it to load as a Loaded.XML.
  • 97. WebKnight  Now we can log in.
  • 98. WebKnight  And SQL Injection is blocked.
  • 99. WebKnight  Logging Only, instead of blocking, set the Incident Response section to “Response Log Only”.
  • 100. SQL Injection  Joe Vilella will Login OK without a Username and Password.
  • 101. SQL Injection  Joe Vilella will Login OK without a Username and Password.
  • 103. Configuring WebKnight  Ensure that WebKnight is in Logging Only mode from the last exercise.  Ensure that Netsparker is installed, if not install it from the “My Documents” directory. It will require the .NET 3.5 framework.
  • 104. Start scanning with Netsparker
  • 105. If you are in Logging Only mode  If in Logging Only Mode, Netsparker will report many issues with the Hacme site.  The WebKnight logs will have many alerts in it from NetSparker attacking IIS.
  • 106. Turn off the Logging Only mode  Double check by both checking the Loaded.xml and test the site for SQLInjection.
  • 107. Rescan with the Logging Only mode off
  • 108. The scan is cleaner  If there is time, we can go through the WebKnight.xml, change some settings, test, and continue to reconfigure WebKnight to get the optimal results.
  • 110. Final Thoughts  Are there any Questions?  Feel free to contact me at rich.helton@state.co.us  Also, always only try these tools with your own test site or with permission of the system owner.