Hands-On ModSecurity and Logging

Hands-On ModSecurity and Logging Philipp Krenn @xeraa

Let’s talk about security… @xeraa

@xeraa

A1:2017-Injection https://www.owasp.org/index.php/ Top_10-2017_Top_10 @xeraa

A10:2017-Insufficient Logging & Monitoring https://www.owasp.org/index.php/ Top_10-2017_Top_10 @xeraa

@xeraa

Developer @xeraa

Disclaimer I build highly monitored Hello World apps @xeraa

Hello World of SQL Injection: https://xeraa.wtf @xeraa

https://xeraa.wtf/read.php?id=1 @xeraa

@xeraa

Injection ;INSERT INTO employees (id,name,city,salary) VALUES (4,’test’,’test’,10000) @xeraa

@xeraa

What’s going on in our app? @xeraa

DELETE or DROP? @xeraa

@xeraa

Custom Rule SecRule REQUEST_FILENAME “form.php” “id:’400001’,chain,deny,log,msg:’Spam detected’” SecRule REQUEST_METHOD “POST” chain SecRule REQUEST_BODY “@rx (?i:(pills|insurance|rolex))” @xeraa

Conclusion @xeraa

Examples https://github.com/xeraa/mod_security-log @xeraa

Code Logging ModSecurity @xeraa

Questions? Philipp Krenn @xeraa @xeraa