ModSecurity as Universal Cross-platform Web Protection Tool
- Type
- Paper
- Tags
- WAF
- Authors
- Greg Wroblewski, Ryan C. Barnett
- Event
- Black Hat USA 2012
- Indexed on
- Jun 17, 2014
- URL
- https://media.blackhat.com/bh-us-12/Turbo/Wroblewski/BH_US_12_Wroblewski_ModSecurity_Universal_WP.pdf
- File name
- BH_US_12_Wroblewski_ModSecurity_Universal_WP.pdf
- File size
- 1.3 MB
- MD5
- 7031539545d07585cc1ace30062da41d
- SHA1
- d599be35314b4641c438110b37d13e8b689c39e0
For many years ModSecurity was a number one free open source web application firewall for the Apache web server. At this year's BlackHat we would like to announce that right now ModSecurity is also available for IIS and nginx servers, making it a first free cross-platform WAF for on-line services. Using MSRC response process and CVE-2011-3414 as an example, we will show how ModSecurity can be used in early detection of attacks and mitigation of vulnerabilities affecting web infrastructure. We will also show how OWASP ModSecurity Core Rule Set can be used as a base for detection of 0-day attacks on Apache, IIS and nginx servers.
About us
Secdocs is a project aimed to index high-quality IT security and hacking documents. These are fetched from multiple data sources: events, conferences and generally from interwebs.
Statistics
Serving 8166 documents and 531.0 GB of hacking knowledge, indexed from 2419 authors from 163 security conferences.
Contribute
To support this site and keep it alive, you can click on the buttons below. Any help is really appreciated! This service is provided for free, but real money is needed to pay bills.
