Web Application Security Training

• Understand the Integrate with Apache
• Learn how to install as well as Configure ModSecurity
• Know all about: Performance, Virtual Patches and Audit logs
• Develop understanding on Blocking General Attacks
• Learn how to write Rules in ModSecurity
• How to protect the Web Applications using different mechanisms?
• What are Chroot Jails?
• REMO - Create and modify rules

• IT professionals willing to learn ModSecurity skill so that they could ensure the security of the organization's information assets.

• Basic of Web Application Security Issues.
• Knowledge of the basics of TCP/IP Network Operation.
• Understanding of the common web technologies and services is required

1. Installation and Configuration

• Unpacking the source code
• Required additional libraries and files
• Compilation
• Testing your installation

2. Integrating ModSecurity with Apache

• Integrating ModSecurity with Apache
• Configuration file
• Completing the configuration

3 . Writing Mod Security Rules

• Variables and collections
• Creating chained rules
• Using @rx to block a remote host
• Simple string matching
• Matching numbers
• More about collections
• Transformation functions
• Phases and rule ordering
• Actions—what to do when a rule matches
• Macro expansion
• SecRule in practice
• SecRule in practice
• Blocking uncommon request methods
• Restricting access to certain times of day
• Detecting credit card leaks
• Detecting credit card numbers
• Executing shell scripts
  • Sending alert emails
  • Sending more detailed alert emails
  • Counting file downloads
  • Blocking brute-force password guessing

4  . Performance

• A typical HTTP request
• A real-world performance test
• The core rule set
• Installing the core rule set
• ModSecurity without any loaded rules
• ModSecurity with the core ruleset loaded
• Optimizing performance

5 . Audit Logging

• Enabling the audit log engine
• Single versus multiple file logging
• Determining what to log
• Log format
• Concurrent logging
• Selectively disabling logging
• Audit log sanitization actions
• The ModSecurity Console

6 . Virtual Patching

• Creating a virtual patch
• From vulnerability discovery to virtual patch:

• Creating the patch
• Changing the web application for additional security
• Testing your patches
• Cross-site scripting

7 . Blocking Common Attacks

• HTTP fingerprinting
  • How HTTP fingerprinting works
    • Server banner
    • Response header
    • HTTP protocol responses
  • Using ModSecurity to defeat HTTP fingerprinting
• Blocking proxied requests

• Cross-site scripting
• Preventing XSS attacks
• PDF XSS protection
  • Http Only cookies to prevent XSS attacks
• Cross-site request forgeries
  • Protecting against cross-site request forgeries
• Shell command execution attempts
• Null byte attacks
  • ModSecurity and null bytes
• Source code revelation
• Directory traversal attacks
• Blog spam
• SQL injection
• Preventing SQL injection attacks
• Website defacement
• Brute force attacks
• Directory indexing
• Detecting the real IP address of an attacker

8 . Chroot Jails

• What is a chroot jail?
• A sample attack
• Traditional chrooting
• How ModSecurity helps jailing Apache
• Using ModSecurity to create a chroot jail
• Verifying that the jail works
• Chroot caveats

9 . REMO

• Remo rules
• Creating and editing rules
• Installing the rules

10. Protecting a Web Application

• Step 1: Identifying user actions
• Step 2: Getting detailed information on each action
• Step 3: Writing rules
• Step 4: Testing the new ruleset
• Blocking what's allowed—denying everything else
• Cookies
• Headers
• Securing the "Start New Topic" action
• The ruleset so far
• The finished ruleset
• Alternative approaches
• Keeping everything up to date

11. Securing Web Goat (Vulnerable Web Application) with MODSECURITY