Advanced Web Application Security Defense with ModSecurity

To view the full lecture on video, click "Here".

Abstract

This presentation has three objectives. First, we want to present a very interesting open source project that we are working on internally, and to publish some new capabilities that resulted from our use and testing of this impressive Apache module; we think it is a good project to invest time in for the community, as it tries to cover a forgotten field and to be a true alternative to commercial solutions. Second, we will give a practical demonstration of how it works, what kinds of attacks it can prevent, how the advanced filter definitions allow the security of an application to be controlled in incredible detail, and how you can build your own Application Firewall Appliance. Third, we will explain what we are working on to increase the level of protection of applications, improve usability, increase per-application automated rule generation, etc.

ModSecurity is already a solid project that works very well; it only needs more people to know about it and get involved to make it bigger and better.

Audience: General
Skills: Basic Knowledge of Web Application attacks

  • What is mod_security?
  • Characteristics and capabilities
  • Advantages
  • Configurations:
    • Generic attacks protection
    • Commercial/OpenSource applications defense
    • Proprietary Web App protection
    • Web Services Apps attacks
  • Architectures:
    • Apache module
    • App Firewall+proxy
  • Performance tests/results
  • Future improvements: areas we are working on to enhance the power of this module.


Schedule

Day: 27 July 2005