Hands-On ModSecurity and Logging

A presentation at commerce.talks Berlin in April 2019 in Berlin, Germany by Philipp Krenn

Slide 1

Hands-On ModSecurity and Logging Philipp Krenn @xeraa

Slide 2

Let’s talk about security…

Slide 3

Slide 4

A1:2017-Injection https://www.owasp.org/index.php/Top_10-2017_Top_10

Slide 5

A10:2017-Insufficient Logging & Monitoring https://www.owasp.org/index.php/Top_10-2017_Top_10

Slide 6

Slide 7

Developer

Slide 8

Disclaimer: I build highly monitored Hello World apps

Slide 9

Hello World of SQL Injection: https://xeraa.wtf

Slide 10

https://xeraa.wtf/read.php?id=1

Slide 11

Slide 12

Slide 13

Injection

;INSERT INTO employees (id,name,city,salary) VALUES (4,'test','test',10000)
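The slide shows the payload but not why it works. The following is an added example, not code from the talk or from the xeraa.wtf demo app: it rebuilds the `read.php?id=` lookup twice over a constructed in-memory SQLite table, once with the id concatenated into the SQL string (emulating a driver that accepts stacked statements, such as mysqli_multi_query in PHP, which is an assumption about the demo app) and once with the id bound as a parameter. The table contents and the `employees` schema beyond the four columns named in the payload are assumptions.

```python
import sqlite3

# Constructed sample data standing in for the demo app's employees table (an assumption:
# the slides only show the column list id,name,city,salary in the injected INSERT).
SEED_ROWS = [
    (1, "Alice", "Berlin", 50000),
    (2, "Bob", "Vienna", 52000),
    (3, "Carol", "Zurich", 60000),
]

# The payload from the slide, appended to the id=1 that read.php expects.
PAYLOAD = "1;INSERT INTO employees (id,name,city,salary) VALUES (4,'test','test',10000)"


def make_db():
    """Fresh in-memory SQLite database holding the constructed employees table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE employees (id INTEGER, name TEXT, city TEXT, salary INTEGER)"
    )
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def read_vulnerable(conn, raw_id):
    """Mimics a read.php that concatenates the id parameter into the SQL string.

    The statements are run one by one to emulate a driver that accepts several
    statements per call (e.g. mysqli_multi_query in PHP); that is an assumption
    about the demo app, which the slides do not show. Splitting on ';' is a
    deliberate simplification and would mis-handle a ';' inside a string literal.
    """
    sql = "SELECT id, name, city, salary FROM employees WHERE id = " + raw_id
    rows = []
    for statement in sql.split(";"):
        if not statement.strip():
            continue
        cur = conn.execute(statement)
        if cur.description is not None:  # only SELECT statements yield a result set
            rows = cur.fetchall()
    conn.commit()
    return rows


def read_safe(conn, raw_id):
    """Parameterized version: the id is bound as a value and never parsed as SQL,
    so the whole payload is compared against the column as one opaque string."""
    cur = conn.execute(
        "SELECT id, name, city, salary FROM employees WHERE id = ?", (raw_id,)
    )
    return cur.fetchall()


def employee_count(conn):
    return conn.execute("SELECT COUNT(*) FROM employees").fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=1:", read_vulnerable(db, "1"))
    print("vulnerable, payload:", read_vulnerable(db, PAYLOAD))
    print("rows after payload:", employee_count(db))  # the injected INSERT ran

    db = make_db()
    print("safe, payload:", read_safe(db, PAYLOAD))
    print("rows after payload:", employee_count(db))  # unchanged
```

The vulnerable path returns the same row for the payload as for a plain `id=1`, which is why the injection is invisible from the HTTP response alone: the only trace is the extra row, and that is exactly the gap that request logging (and later the WAF) has to close.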

Slide 14

Slide 15

Slide 16

Slide 17

Slide 18

Slide 19

Slide 20

Slide 21

Slide 22

What’s going on in our app?

Slide 23

DELETE or DROP?

Slide 24

Slide 25

Custom Rule

SecRule REQUEST_FILENAME "form.php" "id:'400001',chain,deny,log,msg:'Spam detected'"
    SecRule REQUEST_METHOD "POST" chain
        SecRule REQUEST_BODY "@rx (?i:(pills|insurance|rolex))"
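The rule on the slide is a three-link chain, and the `deny`, `log` and `msg` of the first link only fire when all three match. The following is an added example, not code from the talk or from ModSecurity itself: a small Python emulation of that chain evaluated against constructed requests, so the semantics can be checked without a running Apache. The `Request` container and the sample requests are assumptions made for the example; the patterns are taken from the slide as written.

```python
import re
from dataclasses import dataclass


@dataclass
class Request:
    """The three ModSecurity variables the chain reads (constructed for this example)."""
    filename: str  # REQUEST_FILENAME, e.g. "/form.php"
    method: str    # REQUEST_METHOD
    body: str      # REQUEST_BODY (only populated when SecRequestBodyAccess is On)


# Each link of the chain as written on the slide. ModSecurity's default operator is @rx,
# so "form.php" and "POST" are unanchored regular expressions, not exact strings.
CHAIN = (
    ("REQUEST_FILENAME", re.compile(r"form.php")),
    ("REQUEST_METHOD", re.compile(r"POST")),
    ("REQUEST_BODY", re.compile(r"(?i:(pills|insurance|rolex))")),
)

VARIABLE_OF = {
    "REQUEST_FILENAME": lambda r: r.filename,
    "REQUEST_METHOD": lambda r: r.method,
    "REQUEST_BODY": lambda r: r.body,
}


def evaluate_chain(req):
    """Walk the chain the way ModSecurity does: the first link that fails to match
    ends the chain, and only when every link matches do the actions of the first
    rule (deny, log, msg) apply. On a hit, return the fields that identify the
    event in the audit log; otherwise let the request pass."""
    for variable, pattern in CHAIN:
        if pattern.search(VARIABLE_OF[variable](req)) is None:
            return {"action": "pass"}
    return {"action": "deny", "id": "400001", "msg": "Spam detected"}


# Constructed sample requests covering each way the chain can break.
SAMPLES = {
    "spam post":      Request("/form.php", "POST", "name=bob&comment=cheap+Rolex+watches"),
    "clean post":     Request("/form.php", "POST", "name=bob&comment=thanks+for+the+talk"),
    "spam in get":    Request("/form.php", "GET", "comment=cheap+pills"),
    "spam elsewhere": Request("/index.php", "POST", "comment=insurance+offer"),
}


if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:15} -> {evaluate_chain(req)}")
```

Two caveats a practitioner would want before deploying the slide's rule as-is: `REQUEST_BODY` is empty unless `SecRequestBodyAccess On` is set, so the last link can never match without it; and because `form.php` is an unescaped, unanchored regex it also matches paths such as `/spamform.php` or `formXphp`, so tighten it (for example with the `@endsWith` operator) if the rule should apply to one script only. The rule id `400001` is what to search for in the audit log when checking that the rule fired.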

Slide 26

Conclusion

Slide 27

Examples https://github.com/xeraa/mod_security-log

Slide 28

Code Logging ModSecurity

Slide 29

Questions? Philipp Krenn @xeraa