Fr. 66.00

Web Application Defender's Cookbook - Battling Hackers and Protecting Users

English · Paperback / Softback

Shipping usually within 1 to 3 weeks (not available at short notice)

Description


Additional text: 'For those that want to ensure their web sites are as secure as possible, their developers should certainly implement the delicious recipes in Web Application Defender's Cookbook.' (RSA Conference, Jan 2013)

About the author: RYAN BARNETT is a Lead Security Researcher in Trustwave's SpiderLabs Team, an advanced security team focused on penetration testing, incident response, and application security. He is the ModSecurity web application firewall project lead, a SANS Institute certified instructor, and a frequent speaker at industry conferences.

Back cover text: Defending your web applications against hackers and attackers

The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications. This new Web Application Defender's Cookbook is the perfect counterpoint to that book: it shows you how to defend. Authored by a highly credentialed defensive security expert, this new book details defensive security methods and can be used as courseware for training network security personnel, web server administrators, and security consultants. Each "recipe" shows you a way to detect and defend against malicious behavior and provides working code examples for the ModSecurity web application firewall module. Topics include identifying vulnerabilities, setting hacker traps, defending different access points, enforcing application flows, and much more.

* Provides practical tactics for detecting web attacks and malicious behavior and defending against them
* Written by a preeminent authority on web application firewall technology and web application defense tactics
* Offers a series of "recipes" that include working code examples for the open-source ModSecurity web application firewall module

Find the tools, techniques, and expert information you need to detect and respond to web application attacks with Web Application Defender's Cookbook: Battling Hackers and Protecting Users.
Summary: Defending your web applications against hackers and attackers. The top-selling book Web Application Hacker's Handbook showed how attackers and hackers identify and attack vulnerable live web applications.

List of contents

Foreword xix
 
Introduction xxiii
 
I Preparing the Battle Space 1
 
1 Application Fortification 7
 
Recipe 1-1: Real-time Application Profiling 7
 
Recipe 1-2: Preventing Data Manipulation with Cryptographic Hash Tokens 15
 
Recipe 1-3: Installing the OWASP ModSecurity Core Rule Set (CRS) 19
 
Recipe 1-4: Integrating Intrusion Detection System Signatures 33
 
Recipe 1-5: Using Bayesian Attack Payload Detection 38
 
Recipe 1-6: Enable Full HTTP Audit Logging 48
 
Recipe 1-7: Logging Only Relevant Transactions 52
 
Recipe 1-8: Ignoring Requests for Static Content 53
 
Recipe 1-9: Obscuring Sensitive Data in Logs 54
 
Recipe 1-10: Sending Alerts to a Central Log Host Using Syslog 58
 
Recipe 1-11: Using the ModSecurity AuditConsole 60
 
2 Vulnerability Identification and Remediation 67
 
Recipe 2-1: Passive Vulnerability Identification 70
 
Recipe 2-2: Active Vulnerability Identification 79
 
Recipe 2-3: Manual Scan Result Conversion 88
 
Recipe 2-4: Automated Scan Result Conversion 92
 
Recipe 2-5: Real-time Resource Assessments and Virtual Patching 99
 
3 Poisoned Pawns (Hacker Traps) 115
 
Recipe 3-1: Adding Honeypot Ports 116
 
Recipe 3-2: Adding Fake robots.txt Disallow Entries 118
 
Recipe 3-3: Adding Fake HTML Comments 123
 
Recipe 3-4: Adding Fake Hidden Form Fields 128
 
Recipe 3-5: Adding Fake Cookies 131
 
II Asymmetric Warfare 137
 
4 Reputation and Third-Party Correlation 139
 
Recipe 4-1: Analyzing the Client's Geographic Location Data 141
 
Recipe 4-2: Identifying Suspicious Open Proxy Usage 147
 
Recipe 4-3: Utilizing Real-time Blacklist Lookups (RBL) 150
 
Recipe 4-4: Running Your Own RBL 157
 
Recipe 4-5: Detecting Malicious Links 160
 
5 Request Data Analysis 171
 
Recipe 5-1: Request Body Access 172
 
Recipe 5-2: Identifying Malformed Request Bodies 178
 
Recipe 5-3: Normalizing Unicode 182
 
Recipe 5-4: Identifying Use of Multiple Encodings 186
 
Recipe 5-5: Identifying Encoding Anomalies 189
 
Recipe 5-6: Detecting Request Method Anomalies 193
 
Recipe 5-7: Detecting Invalid URI Data 197
 
Recipe 5-8: Detecting Request Header Anomalies 200
 
Recipe 5-9: Detecting Additional Parameters 209
 
Recipe 5-10: Detecting Missing Parameters 212
 
Recipe 5-11: Detecting Duplicate Parameter Names 214
 
Recipe 5-12: Detecting Parameter Payload Size Anomalies 216
 
Recipe 5-13: Detecting Parameter Character Class Anomalies 219
 
6 Response Data Analysis 223
 
Recipe 6-1: Detecting Response Header Anomalies 224
 
Recipe 6-2: Detecting Response Header Information Leakages 234
 
Recipe 6-3: Response Body Access 238
 
Recipe 6-4: Detecting Page Title Changes 240
 
Recipe 6-5: Detecting Page Size Deviations 243
 
Recipe 6-6: Detecting Dynamic Content Changes 246
 
Recipe 6-7: Detecting Source Code Leakages 249
 
Recipe 6-8: Detecting Technical Data Leakages 253
 
Recipe 6-9: Detecting Abnormal Response Time Intervals 256
 
Recipe 6-10: Detecting Sensitive User Data Leakages 259
 
Recipe 6-11: Detecting Trojan, Backdoor, and Webshell Access Attempts 262
 
7 Defending Authentication 265
 
Recipe 7-1: Detecting the Submission of Common/Default Usernames 266
 
Recipe 7-2: Detecting the Submission of Multiple Usernames 269
 
Recipe 7-3: Detecting Failed Authentication Attempts 272
 
Recipe 7-4: Detecting a High Rate of Authentication Atte

Report

'For those that want to ensure their web sites are as secure as possible, their developers should certainly implement the delicious recipes in Web Application Defender's Cookbook.' (RSA Conference, Jan 2013)

Product details

Author Ryan C. Barnett
Foreword by Jeremiah Grossman
Publisher Wiley, John and Sons Ltd
 
Languages English
Product format Paperback / Softback
Released 01.12.2012
 
EAN 9781118362181
ISBN 978-1-118-36218-1
No. of pages 560
Subjects Natural sciences, medicine, IT, technology > IT, data processing > Data communication, networks

Computer science, network security, networking / security
