SlideShare une entreprise Scribd logo

Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm

Télécharger en tant que PPTX, PDF
Security Bootcamp
Security Bootcamp

Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm

Présentations et discours publics
1  sur  47
MODSECURITY ELK If we do not wish to fight we can prevent! {
ModSecurity Security Bootcamp 2014 2
*log Security Bootcamp 2014 3
ELK Security Bootcamp 2014 4
ModSecurity Ryan C. Barnett ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections. Blackhat Arsenal 2014 Security Bootcamp 2014 5
Surviving D-Day Omaha Beach 1944 Security Bootcamp 2014 6
Surviving D-Day Omaha Beach 1944  Fake tank  Fake aircraft  Fake Napoli (Egypt)  Fake …… Security Bootcamp 2014 7
HoneyTraps with ModSecurity http://map.honeycloud.net/ Security Bootcamp 2014 8
1.Real-time Application Profiling Security Bootcamp 2014 9
Real-time Application Profiling  Request method(s)  Number of parameters (minimum/maximum range)  Parameter names  Parameter lengths (minimum/maximum range)  Parameter types  Flag (such as /path/to/foo.php?param)  Digits (such as /path/to/foo.php?param=1234)  Alpha (such as /path/to/foo.php?param=abcd)  Alphanumeric (such as /path/to/foo.php?param=abcd1234)  E-mail (such as /path/to/foo.php?param=foo@bar.com)  Path (such as /path/to/foo.php?param=/dir/somefile.txt)  URL (such as /path/to/foo.php?param=http://somehost/dir/file.txt)  SafeText (such as /path/to/foo.php?param=some_data-12) Security Bootcamp 2014 10
Real-time Application Profiling Security Bootcamp 2014 11
Post-Process Profiling Security Bootcamp 2014 12
4 scenarios  If the HTTP response code is 404, the resource doesn’t exist. In this case, not only do we skip the profiling, but we also remove the resource key, so we delete the persistent storage. This is achieved by using the setvar:!resource.KEY action.  If the HTTP response code is either level 4xx or level 5xx, the application says something is wrong with the transaction, so we won’t profile it in this case either.  The OWASP ModSecurity Core Rule Set (CRS) can use anomaly scoring. We can check this transactional anomaly score. If it is anything other than 0, we should skip profiling.  Finally, we have already seen enough traffic for our profiling model and are currently in enforcement mode, so we skip profiling. Security Bootcamp 2014 13
2. Hacker Traps Security Bootcamp 2014 14
Hacker Traps  Unused Web Ports  Fake robots.txt Disallow Entries  Fake HTML comments  Fake hidden form fields  Fake cookies Security Bootcamp 2014 15
Hacker Traps Unused Web Ports Security Bootcamp 2014 16
Hacker Traps Fake robots.txt Disallow Entries Security Bootcamp 2014 17
Hacker Traps Fake HTML comments Security Bootcamp 2014 18
Hacker Traps Fake HTML comments Security Bootcamp 2014 19
Hacker Traps Fake hidden form fields Security Bootcamp 2014 20
Hacker Traps Fake cookies Security Bootcamp 2014 21
Hacker Traps Fake cookies Security Bootcamp 2014 22
3a. Self-Contained vs. Collaborative Detection Security Bootcamp 2014 23
Self-Contained vs. Collaborative Detection Self-Contained Collaborative Security Bootcamp 2014 24
Anomaly Scoring Threshold Levels Security Bootcamp 2014 25
3b. Inbound/Outbound Correlation Security Bootcamp 2014 26
Correlation  Did an inbound attack occur?  Did an HTTP response status code error (4xx/5xx level) occur?  Did an application information leakage event occur? Security Bootcamp 2014 27
Correlation If an inbound attack was detected, and either an outbound application status codeerror or information leakage event was detected, the overall event severity is raised to one of the following:  • 0, EMERGENCY, is generated from correlation of anomaly scoring data where an inbound attack and an outbound leakage exist.  • 1, ALERT, is generated from correlation where an inbound attack and an outbound application-level error exist. Security Bootcamp 2014 28
4. Detecting Malicious Links Security Bootcamp 2014 29
Detecting Malicious Links  URI Blacklist RBL6  Google’s Safe Browsing API7  ModSecurity  @rbl operator  @gsbLookup operator  @rsub operator  SecGsbLookupDb directive  SecStreamOutBodyInspection directive  SecContentInjection directive  STREAM_OUTPUT_BODY variable Security Bootcamp 2014 30
5. Normalizing Unicode Security Bootcamp 2014 31
Normalizing Unicode  Best-Fit Mapping  Detecting Use of Full-/Half-Width Unicode Security Bootcamp 2014 32
Best-Fit Mapping %u3008scr%u0131pt%u3009%u212fval(%uFF07al%u212Frt(%22XSS%22)%u02C8)%u23 29/scr%u0131pt%u232A 〈(0x2329) ~= <(0x3c) 〈(0x3008) ~= <(0x3c) <(0xff1c) ~= <(0x3c) ʹ(0x2b9) ~= '(0x27) ʼ(0x2bc) ~= '(0x27) ˈ(0x2c8) ~= '(0x27) ′(0x2032) ~= '(0x27) '(0xff07) ~= '(0x27) Security Bootcamp 2014 33
Unicode Mapping Security Bootcamp 2014 34
Unicode Mapping Security Bootcamp 2014 35
Full-/Half-Width Unicode Security Bootcamp 2014 36
6. Abnormal Header Ordering Security Bootcamp 2014 37
Passive OS fingerprinting Security Bootcamp 2014 38
7. Detecting Page Title Changes Security Bootcamp 2014 39
Detecting Page Title Changes Security Bootcamp 2014 40
8. Web Client Device Fingerprinting Security Bootcamp 2014 41
Web Client Device Fingerprinting Security Bootcamp 2014 42
9. Slowing Down Automated Attack Tools Security Bootcamp 2014 43
Slowing Down Automated Attack Tools Security Bootcamp 2014 44
NSM Logstash Elasticsearch Kibana No code required Real-time analysis of streaming data Highly scalable Open source, community driven Security Bootcamp 2014 45
DEMO Security Bootcamp 2014 46
“ ” Thank you! Question, huh? FPT TELECOM Security Bootcamp 2014 47

Recommandé

Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationSecurity Bootcamp
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisAntonio Parata
 
Neoito — Secure coding practices
Neoito — Secure coding practicesNeoito — Secure coding practices
Neoito — Secure coding practicesNeoito
 
.NET for hackers
.NET for hackers.NET for hackers
.NET for hackersAntonio Parata
 
Malware Detection With Multiple Features
Malware Detection With Multiple FeaturesMalware Detection With Multiple Features
Malware Detection With Multiple FeaturesMuhammad Najmi Ahmad Zabidi
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
На страже ваших денег и данных
На страже ваших денег и данныхНа страже ваших денег и данных
На страже ваших денег и данныхPositive Hack Days
 

Recommandé

Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationNguyen Phuong Truong Anh - Some new vulnerabilities in modern web application
Nguyen Phuong Truong Anh - Some new vulnerabilities in modern web applicationSecurity Bootcamp
 
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn Việt
Security Bootcamp 2013 - Automated malware analysis - Nguyễn Chấn ViệtSecurity Bootcamp
 
HackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisHackInBo2k16 - Threat Intelligence and Malware Analysis
HackInBo2k16 - Threat Intelligence and Malware AnalysisAntonio Parata
 
Neoito — Secure coding practices
Neoito — Secure coding practicesNeoito — Secure coding practices
Neoito — Secure coding practicesNeoito
 
.NET for hackers
.NET for hackers.NET for hackers
.NET for hackersAntonio Parata
 
Malware Detection With Multiple Features
Malware Detection With Multiple FeaturesMalware Detection With Multiple Features
Malware Detection With Multiple FeaturesMuhammad Najmi Ahmad Zabidi
 
Applications secure by default
Applications secure by defaultApplications secure by default
Applications secure by defaultSecuRing
 
На страже ваших денег и данных
На страже ваших денег и данныхНа страже ваших денег и данных
На страже ваших денег и данныхPositive Hack Days
 
Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoPichaya Morimoto
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngVõ Thái Lâm
 
Waf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScriptWaf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScriptDenis Kolegov
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and DefensesOWASP
 
Внедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполненияВнедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполненияPositive Hack Days
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP CodingNarudom Roongsiriwong, CISSP
 
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Ivan Piskunov
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationMichael Boman
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazyMichael Boman
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesCyphort
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysissecurityxploded
 
Super1
Super1Super1
Super1neelakanteswarreddy
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware GenerationStephan Chenette
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseStephan Chenette
 
Secure Coding in C/C++
Secure Coding in C/C++Secure Coding in C/C++
Secure Coding in C/C++Dan-Claudiu Dragoș
 
Challenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware DetectionChallenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware DetectionMuhammad Najmi Ahmad Zabidi
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Moataz Kamel
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter HimselfSergey Soldatov
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionDaniel Owens
 
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuyHướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuySecurity Bootcamp
 
Chu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustChu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustSecurity Bootcamp
 

Contenu connexe

Tendances

Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoPichaya Morimoto
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with phpMohmad Feroz
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngVõ Thái Lâm
 
Waf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScriptWaf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScriptDenis Kolegov
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and DefensesOWASP
 
Внедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполненияВнедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполненияPositive Hack Days
 
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Ivan Piskunov
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationMichael Boman
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazyMichael Boman
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesCyphort
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysissecurityxploded
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware GenerationStephan Chenette
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseStephan Chenette
 
Challenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware DetectionChallenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware DetectionMuhammad Najmi Ahmad Zabidi
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Moataz Kamel
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionDaniel Owens
 

Tendances (20)

Art of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya MorimotoArt of Web Backdoor - Pichaya Morimoto
Art of Web Backdoor - Pichaya Morimoto
 
Secure programming with php
Secure programming with phpSecure programming with php
Secure programming with php
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
 
Waf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScriptWaf.js: How to Protect Web Applications using JavaScript
Waf.js: How to Protect Web Applications using JavaScript
 
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
[OPD 2019] Side-Channels on the Web:
Attacks and Defenses
 
Внедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполненияВнедрение безопасности в веб-приложениях в среде выполнения
Внедрение безопасности в веб-приложениях в среде выполнения
 
Secure PHP Coding
Secure PHP CodingSecure PHP Coding
Secure PHP Coding
 
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
Современные технологии и инструменты анализа вредоносного ПО_PHDays_2017_Pisk...
 
Indicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradicationIndicators of compromise: From malware analysis to eradication
Indicators of compromise: From malware analysis to eradication
 
How to drive a malware analyst crazy
How to drive a malware analyst crazyHow to drive a malware analyst crazy
How to drive a malware analyst crazy
 
MMW Anti-Sandbox Techniques
MMW Anti-Sandbox TechniquesMMW Anti-Sandbox Techniques
MMW Anti-Sandbox Techniques
 
Automating Malware Analysis
Automating Malware AnalysisAutomating Malware Analysis
Automating Malware Analysis
 
Super1
Super1Super1
Super1
 
The Future of Automated Malware Generation
The Future of Automated Malware GenerationThe Future of Automated Malware Generation
The Future of Automated Malware Generation
 
B-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive DefenseB-Sides Seattle 2012 Offensive Defense
B-Sides Seattle 2012 Offensive Defense
 
Secure Coding in C/C++
Secure Coding in C/C++Secure Coding in C/C++
Secure Coding in C/C++
 
Challenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware DetectionChallenges in High Accuracy of Malware Detection
Challenges in High Accuracy of Malware Detection
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
A Threat Hunter Himself
A Threat Hunter HimselfA Threat Hunter Himself
A Threat Hunter Himself
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
 

En vedette

Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuyHướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuySecurity Bootcamp
 
Chu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustChu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustSecurity Bootcamp
 
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCNXây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCNSecurity Bootcamp
 
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hungThu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hungSecurity Bootcamp
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngSecurity Bootcamp
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtSecurity Bootcamp
 
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...Security Bootcamp
 
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình ThắngKhai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình ThắngSecurity Bootcamp
 
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàngVõ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàngSecurity Bootcamp
 
Thu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageThu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageSecurity Bootcamp
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSecurity Bootcamp
 
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nướcĐặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nướcSecurity Bootcamp
 
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh ĐứcNETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh ĐứcSecurity Bootcamp
 
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC InfosecTình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC InfosecSecurity Bootcamp
 
Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp
 
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải LongSecurity Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải LongSecurity Bootcamp
 
Lê Trung Nghĩa - Suggestions after VNA attack with template
Lê Trung Nghĩa - Suggestions after VNA attack with templateLê Trung Nghĩa - Suggestions after VNA attack with template
Lê Trung Nghĩa - Suggestions after VNA attack with templateSecurity Bootcamp
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISOSecurity Bootcamp
 
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...Security Bootcamp
 

En vedette (20)

Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc DuyHướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
Hướng nghiên cứu mới cho ngành mật mã nước nhà - TS Hồ Ngọc Duy
 
Chu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trustChu nhat 02 luu thanh tra e-prior e-trust
Chu nhat 02 luu thanh tra e-prior e-trust
 
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCNXây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
Xây dựng cộng đồng - Lê Trung Nghĩa - Bộ KHCN
 
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hungThu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
Thu 6 03 bootcamp 2014 - xxe injection - nguyen tang hung
 
Top 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn CườngTop 10 mobile security risks - Khổng Văn Cường
Top 10 mobile security risks - Khổng Văn Cường
 
Finfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn ViệtFinfisher- Nguyễn Chấn Việt
Finfisher- Nguyễn Chấn Việt
 
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
Tấn công và khai thác mạng máy tính theo mô hình thường trực cao cấp APT - Lê...
 
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình ThắngKhai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
Khai thác lỗi phần mềm thi chứng chỉ của Microsoft - Phạm Đình Thắng
 
Phan Phú Thuận - VNCERT
Phan Phú Thuận - VNCERTPhan Phú Thuận - VNCERT
Phan Phú Thuận - VNCERT
 
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàngVõ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
Võ Nhân Văn - Tối ưu hóa hạ tầng và đảm bảo attt trong ngành ngân hàng
 
Thu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitageThu 6 04 advance penetration test with armitage
Thu 6 04 advance penetration test with armitage
 
Sử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng DươngSử dụng TLS đúng cách - Phạm Tùng Dương
Sử dụng TLS đúng cách - Phạm Tùng Dương
 
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nướcĐặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
Đặng Hải Sơn - Báo cáo tình hình An toàn thông tin trong các cơ quan nhà nước
 
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh ĐứcNETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
NETWORK SECURITY MONITORING WITH BIG DATA ANALYTICS - Nguyễn Minh Đức
 
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC InfosecTình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
Tình hình ANTT ở Việt Nam - Lê Công Phú - CMC Infosec
 
Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)Security Bootcamp 2013 penetration testing (basic)
Security Bootcamp 2013 penetration testing (basic)
 
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải LongSecurity Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
Security Bootcamp 2013 - Định hướng công việc ngành ATTT - Nguyễn Hải Long
 
Lê Trung Nghĩa - Suggestions after VNA attack with template
Lê Trung Nghĩa - Suggestions after VNA attack with templateLê Trung Nghĩa - Suggestions after VNA attack with template
Lê Trung Nghĩa - Suggestions after VNA attack with template
 
Nguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISONguyễn Tấn Vi - office of the CISO
Nguyễn Tấn Vi - office of the CISO
 
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
Pham Ngọc Bắc - An toàn thông tin dưới góc nhìn Quản lý theo tiêu chuẩn Quốc...
 

Similaire à Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm

Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 securityxploded
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...Priyanka Aash
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngDmitry Evteev
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Cysinfo Cyber Security Community
 
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisChong-Kuan Chen
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYSylvain Martinez
 
Verification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresVerification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresIRJET Journal
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APIKevin Hakanson
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentStefano Maccaglia
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerForAllSecure
 
Enterprise Mobile Security and OWASP Compliance
Enterprise Mobile Security and OWASP ComplianceEnterprise Mobile Security and OWASP Compliance
Enterprise Mobile Security and OWASP ComplianceAlec Tucker
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsRam G Athreya
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisIan G
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisAbdulrahman Bassam
 
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...Felipe Prado
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecuritySkycure
 

Similaire à Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm (20)

Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1 Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
Advanced Malware Analysis Training Session 2 - Botnet Analysis Part 1
 
The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...The Art of defence: How vulnerabilites help shape security features and mitig...
The Art of defence: How vulnerabilites help shape security features and mitig...
 
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
OWASP Poland Day 2018 - Pedro Fortuna - Are your Java Script based protection...
 
Methods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall EngMethods to Bypass a Web Application Firewall Eng
Methods to Bypass a Web Application Firewall Eng
 
Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1Advanced malwareanalysis training session2 botnet analysis part1
Advanced malwareanalysis training session2 botnet analysis part1
 
Gunadarma workshop security
Gunadarma workshop securityGunadarma workshop security
Gunadarma workshop security
 
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware AnalysisInside the Matrix,How to Build Transparent Sandbox for Malware Analysis
Inside the Matrix,How to Build Transparent Sandbox for Malware Analysis
 
PROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITYPROGRAMMING AND CYBER SECURITY
PROGRAMMING AND CYBER SECURITY
 
Verification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP CoresVerification of Security for Untrusted Third Party IP Cores
Verification of Security for Untrusted Third Party IP Cores
 
Securing TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography APISecuring TodoMVC Using the Web Cryptography API
Securing TodoMVC Using the Web Cryptography API
 
Owasp masvs spain 17
Owasp masvs spain 17Owasp masvs spain 17
Owasp masvs spain 17
 
Jump-Start The MASVS
Jump-Start The MASVSJump-Start The MASVS
Jump-Start The MASVS
 
BSides IR in Heterogeneous Environment
BSides IR in Heterogeneous EnvironmentBSides IR in Heterogeneous Environment
BSides IR in Heterogeneous Environment
 
Automotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a HackerAutomotive Cybersecurity: Test Like a Hacker
Automotive Cybersecurity: Test Like a Hacker
 
Enterprise Mobile Security and OWASP Compliance
Enterprise Mobile Security and OWASP ComplianceEnterprise Mobile Security and OWASP Compliance
Enterprise Mobile Security and OWASP Compliance
 
Semi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applicationsSemi-Automated Security Testing of Web applications
Semi-Automated Security Testing of Web applications
 
Threats, Threat Modeling and Analysis
Threats, Threat Modeling and AnalysisThreats, Threat Modeling and Analysis
Threats, Threat Modeling and Analysis
 
Reversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysisReversing & malware analysis training part 12 rootkit analysis
Reversing & malware analysis training part 12 rootkit analysis
 
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
DEF CON 27 - workshop ANTHONY ROSE - introduction to amsi bypasses and sandbo...
 
The Four Horsemen of Mobile Security
The Four Horsemen of Mobile SecurityThe Four Horsemen of Mobile Security
The Four Horsemen of Mobile Security
 

Plus de Security Bootcamp

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfSecurity Bootcamp
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecuritySecurity Bootcamp
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewSecurity Bootcamp
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSecurity Bootcamp
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrSecurity Bootcamp
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-wantSecurity Bootcamp
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - publicSecurity Bootcamp
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learningSecurity Bootcamp
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuSecurity Bootcamp
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 costSecurity Bootcamp
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectorySecurity Bootcamp
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018Security Bootcamp
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksSecurity Bootcamp
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Security Bootcamp
 

Plus de Security Bootcamp (20)

Ransomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdfRansomware is Knocking your Door_Final.pdf
Ransomware is Knocking your Door_Final.pdf
 
Hieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurityHieupc-The role of psychology in enhancing cybersecurity
Hieupc-The role of psychology in enhancing cybersecurity
 
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s viewNguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
Nguyen Huu Trung - Building a web vulnerability scanner - From a hacker’s view
 
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe moSbc 2020 bao gio vn co anm dua vao cong nghe mo
Sbc 2020 bao gio vn co anm dua vao cong nghe mo
 
Deception change-the-game
Deception change-the-gameDeception change-the-game
Deception change-the-game
 
Giam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdrGiam sat thu dong thong tin an toan hang hai su dung sdr
Giam sat thu dong thong tin an toan hang hai su dung sdr
 
Sbc2019 luong-cyber startup
Sbc2019 luong-cyber startupSbc2019 luong-cyber startup
Sbc2019 luong-cyber startup
 
Insider threat-what-us-do d-want
Insider threat-what-us-do d-wantInsider threat-what-us-do d-want
Insider threat-what-us-do d-want
 
Macro malware common techniques - public
Macro malware common techniques - publicMacro malware common techniques - public
Macro malware common techniques - public
 
Malware detection-using-machine-learning
Malware detection-using-machine-learningMalware detection-using-machine-learning
Malware detection-using-machine-learning
 
Tim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cuTim dieu moi trong nhung dieu cu
Tim dieu moi trong nhung dieu cu
 
Threat detection with 0 cost
Threat detection with 0 costThreat detection with 0 cost
Threat detection with 0 cost
 
Build SOC
Build SOC Build SOC
Build SOC
 
AD red vs blue
AD red vs blueAD red vs blue
AD red vs blue
 
Securitybox
SecurityboxSecuritybox
Securitybox
 
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active DirectoryGOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
GOLDEN TICKET - Hiểm hoa tiềm ẩn trong hệ thống Active Directory
 
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
PHÂN TÍCH MỘT SỐ CUỘC TẤN CÔNG APT ĐIỂN HÌNH NHẮM VÀO VIỆT NAM 2017-2018
 
Api security-present
Api security-presentApi security-present
Api security-present
 
Lannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber AttacksLannguyen-Detecting Cyber Attacks
Lannguyen-Detecting Cyber Attacks
 
Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018Letrungnghia-gopyluananm2018
Letrungnghia-gopyluananm2018
 

Dernier

The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfSenaatti-kiinteistöt
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Hasting Chen
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Chameera Dedduwage
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AITatiana Gurgel
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubssamaasim06
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesPooja Nehwal
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxraffaeleoman
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMoumonDas2
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...Sheetaleventcompany
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyPooja Nehwal
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardsticksaastr
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsaqsarehman5055
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024eCommerce Institute
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar TrainingKylaCullinane
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaKayode Fayemi
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxNikitaBankoti2
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Vipesco
 

Dernier (20)

The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdfThe workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
The workplace ecosystem of the future 24.4.2024 Fabritius_share ii.pdf
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 97 Noida Escorts >༒8448380779 Escort Service
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptxChiulli_Aurora_Oman_Raffaele_Beowulf.pptx
Chiulli_Aurora_Oman_Raffaele_Beowulf.pptx
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 93 Noida Escorts >༒8448380779 Escort Service
 
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, YardstickSaaStr Workshop Wednesday w/ Lucas Price, Yardstick
SaaStr Workshop Wednesday w/ Lucas Price, Yardstick
 
Air breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animalsAir breathing and respiratory adaptations in diver animals
Air breathing and respiratory adaptations in diver animals
 
George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024George Lever - eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
Report Writing Webinar Training
Report Writing Webinar TrainingReport Writing Webinar Training
Report Writing Webinar Training
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 

Triển khai Modsecurity vào hệ thống NMS - Quan Minh Tâm

  • 1. MODSECURITY ELK If we do not wish to fight we can prevent! {
  • 5. ModSecurity Ryan C. Barnett ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections. Blackhat Arsenal 2014 Security Bootcamp 2014 5
  • 6. Surviving D-Day Omaha Beach 1944 Security Bootcamp 2014 6
  • 7. Surviving D-Day Omaha Beach 1944  Fake tank  Fake aircraft  Fake Napoli (Egypt)  Fake …… Security Bootcamp 2014 7
  • 8. HoneyTraps with ModSecurity http://map.honeycloud.net/ Security Bootcamp 2014 8
  • 9. 1.Real-time Application Profiling Security Bootcamp 2014 9
  • 10. Real-time Application Profiling  Request method(s)  Number of parameters (minimum/maximum range)  Parameter names  Parameter lengths (minimum/maximum range)  Parameter types  Flag (such as /path/to/foo.php?param)  Digits (such as /path/to/foo.php?param=1234)  Alpha (such as /path/to/foo.php?param=abcd)  Alphanumeric (such as /path/to/foo.php?param=abcd1234)  E-mail (such as /path/to/foo.php?param=foo@bar.com)  Path (such as /path/to/foo.php?param=/dir/somefile.txt)  URL (such as /path/to/foo.php?param=http://somehost/dir/file.txt)  SafeText (such as /path/to/foo.php?param=some_data-12) Security Bootcamp 2014 10
  • 11. Real-time Application Profiling Security Bootcamp 2014 11
  • 13. 4 scenarios  If the HTTP response code is 404, the resource doesn’t exist. In this case, not only do we skip the profiling, but we also remove the resource key, so we delete the persistent storage. This is achieved by using the setvar:!resource.KEY action.  If the HTTP response code is either level 4xx or level 5xx, the application says something is wrong with the transaction, so we won’t profile it in this case either.  The OWASP ModSecurity Core Rule Set (CRS) can use anomaly scoring. We can check this transactional anomaly score. If it is anything other than 0, we should skip profiling.  Finally, we have already seen enough traffic for our profiling model and are currently in enforcement mode, so we skip profiling. Security Bootcamp 2014 13
  • 14. 2. Hacker Traps Security Bootcamp 2014 14
  • 15. Hacker Traps  Unused Web Ports  Fake robots.txt Disallow Entries  Fake HTML comments  Fake hidden form fields  Fake cookies Security Bootcamp 2014 15
  • 16. Hacker Traps Unused Web Ports Security Bootcamp 2014 16
  • 17. Hacker Traps Fake robots.txt Disallow Entries Security Bootcamp 2014 17
  • 18. Hacker Traps Fake HTML comments Security Bootcamp 2014 18
  • 19. Hacker Traps Fake HTML comments Security Bootcamp 2014 19
  • 20. Hacker Traps Fake hidden form fields Security Bootcamp 2014 20
  • 21. Hacker Traps Fake cookies Security Bootcamp 2014 21
  • 22. Hacker Traps Fake cookies Security Bootcamp 2014 22
  • 23. 3a. Self-Contained vs. Collaborative Detection Security Bootcamp 2014 23
  • 24. Self-Contained vs. Collaborative Detection Self-Contained Collaborative Security Bootcamp 2014 24
  • 25. Anomaly Scoring Threshold Levels Security Bootcamp 2014 25
  • 26. 3b. Inbound/Outbound Correlation Security Bootcamp 2014 26
  • 27. Correlation  Did an inbound attack occur?  Did an HTTP response status code error (4xx/5xx level) occur?  Did an application information leakage event occur? Security Bootcamp 2014 27
  • 28. Correlation If an inbound attack was detected, and either an outbound application status codeerror or information leakage event was detected, the overall event severity is raised to one of the following:  • 0, EMERGENCY, is generated from correlation of anomaly scoring data where an inbound attack and an outbound leakage exist.  • 1, ALERT, is generated from correlation where an inbound attack and an outbound application-level error exist. Security Bootcamp 2014 28
  • 29. 4. Detecting Malicious Links Security Bootcamp 2014 29
  • 30. Detecting Malicious Links  URI Blacklist RBL6  Google’s Safe Browsing API7  ModSecurity  @rbl operator  @gsbLookup operator  @rsub operator  SecGsbLookupDb directive  SecStreamOutBodyInspection directive  SecContentInjection directive  STREAM_OUTPUT_BODY variable Security Bootcamp 2014 30
  • 31. 5. Normalizing Unicode Security Bootcamp 2014 31
  • 32. Normalizing Unicode  Best-Fit Mapping  Detecting Use of Full-/Half-Width Unicode Security Bootcamp 2014 32
  • 33. Best-Fit Mapping %u3008scr%u0131pt%u3009%u212fval(%uFF07al%u212Frt(%22XSS%22)%u02C8)%u23 29/scr%u0131pt%u232A 〈(0x2329) ~= <(0x3c) 〈(0x3008) ~= <(0x3c) <(0xff1c) ~= <(0x3c) ʹ(0x2b9) ~= '(0x27) ʼ(0x2bc) ~= '(0x27) ˈ(0x2c8) ~= '(0x27) ′(0x2032) ~= '(0x27) '(0xff07) ~= '(0x27) Security Bootcamp 2014 33
  • 34. Unicode Mapping Security Bootcamp 2014 34
  • 35. Unicode Mapping Security Bootcamp 2014 35
  • 37. 6. Abnormal Header Ordering Security Bootcamp 2014 37
  • 38. Passive OS fingerprinting Security Bootcamp 2014 38
  • 39. 7. Detecting Page Title Changes Security Bootcamp 2014 39
  • 40. Detecting Page Title Changes Security Bootcamp 2014 40
  • 41. 8. Web Client Device Fingerprinting Security Bootcamp 2014 41
  • 42. Web Client Device Fingerprinting Security Bootcamp 2014 42
  • 43. 9. Slowing Down Automated Attack Tools Security Bootcamp 2014 43
  • 44. Slowing Down Automated Attack Tools Security Bootcamp 2014 44
  • 45. NSM Logstash Elasticsearch Kibana No code required Real-time analysis of streaming data Highly scalable Open source, community driven Security Bootcamp 2014 45
  • 47. “ ” Thank you! Question, huh? FPT TELECOM Security Bootcamp 2014 47