Web Application Security Training


The Web Application Security Training gives candidates an understanding of how ModSecurity, the open-source web application firewall, analyzes the traffic of a web application so that profiles of legitimate behaviour can be built and used to implement a robust security model. The training focuses on ModSecurity rules, which detect the most common web attacks and protect the information system from many forms of attack through real-time analysis, logging and monitoring.

After completing the Web Application Security Training, candidates will be able to:

  • Integrate ModSecurity with Apache
  • Install and configure ModSecurity
  • Understand performance tuning, virtual patching and audit logging
  • Block common web attacks
  • Write ModSecurity rules
  • Protect a web application using different mechanisms, including a positive security model
  • Explain what chroot jails are and use ModSecurity to jail Apache
  • Create and modify rules with REMO
Target audience
  • IT professionals who want to learn ModSecurity so that they can protect their organization's information assets.
Prerequisites

The prerequisites for the Web Application Security course are:

  • Basic knowledge of web application security issues.
  • Knowledge of the basics of TCP/IP network operation.
  • Understanding of common web technologies and services.

1. Installation and Configuration

  • Unpacking the source code
  • Required additional libraries and files
  • Compilation
  • Testing your installation

2. Integrating ModSecurity with Apache

  • Integrating ModSecurity with Apache
  • Configuration file
  • Completing the configuration

3. Writing ModSecurity Rules

  • Variables and collections
  • Creating chained rules
  • Using @rx to block a remote host
  • Simple string matching
  • Matching numbers
  • More about collections
  • Transformation functions
  • Phases and rule ordering
  • Actions—what to do when a rule matches
  • Macro expansion
  • SecRule in practice
  • Blocking uncommon request methods
  • Restricting access to certain times of day
  • Detecting credit card leaks
  • Detecting credit card numbers
  • Executing shell scripts
    • Sending alert emails
    • Sending more detailed alert emails
    • Counting file downloads
    • Blocking brute-force password guessing
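The following rule set is an added illustration of the rule-writing topics listed in this module; it is constructed for this page and is not course material or ModSecurity project code. It uses ModSecurity 2.x syntax. The rule IDs, the /admin/ and /login paths, the SecDataDir location and the assumption that the application answers a failed login with HTTP 401 are all hypothetical.

```apache
# Added example, not from the course or the ModSecurity project.
# ModSecurity 2.x rules showing variables, transformations, chained rules,
# phases, actions, macro expansion and persistent collections.
# Rule IDs, paths and the "failed login returns 401" assumption are hypothetical.
SecRuleEngine On
SecRequestBodyAccess On
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html
# Assumed directory for persistent collections; must be writable by the Apache user.
SecDataDir /var/cache/modsecurity

# 1. Blocking uncommon request methods (phase 1: request headers).
#    A leading "!" negates the operator; @rx is the default operator.
SecRule REQUEST_METHOD "!^(?:GET|HEAD|POST)$" \
    "id:1001,phase:1,t:none,log,deny,status:405,msg:'Uncommon request method'"

# 2. Restricting access to certain times of day: the admin area is reachable
#    only between 08:00 and 17:59 server time. TIME_HOUR is zero-padded (00-23).
#    t:none clears any default transformation functions before matching.
SecRule REQUEST_FILENAME "@beginsWith /admin/" \
    "id:1002,phase:1,chain,t:none,log,deny,status:403,msg:'Admin area closed outside office hours'"
    SecRule TIME_HOUR "!@rx ^(?:0[89]|1[0-7])$"

# 3. Detecting credit card numbers in a response (phase 4: response body).
#    @verifyCC runs a Luhn check on every candidate the regex finds, so a random
#    16-digit number does not match; sanitiseMatched masks the number in the audit log.
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
    "id:1003,phase:4,t:none,log,deny,status:403,msg:'Credit card number in response',sanitiseMatched"

# 4. Blocking brute-force password guessing with the persistent "ip" collection.
#    Initialise the collection, keyed on the client address, on every request.
SecAction "id:1004,phase:1,t:none,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

#    Count failures in the logging phase: a POST to /login answered with 401.
#    Only the first rule of a chain carries id, phase and disruptive actions;
#    the setvar on the last rule runs only when every link matched.
#    expirevar makes the counter disappear after 10 minutes.
SecRule REQUEST_FILENAME "@streq /login" \
    "id:1005,phase:5,chain,t:none,nolog,pass"
    SecRule REQUEST_METHOD "@streq POST" "chain"
    SecRule RESPONSE_STATUS "@streq 401" \
        "setvar:ip.login_failures=+1,expirevar:ip.login_failures=600"

#    Deny the sixth and later requests from an address with five recent failures.
#    %{REMOTE_ADDR} in the message is macro expansion.
SecRule IP:LOGIN_FAILURES "@ge 5" \
    "id:1006,phase:1,t:none,log,deny,status:403,msg:'Login brute force from %{REMOTE_ADDR}'"
```

Rule ordering matters within a phase: rule 1004 must precede rule 1006 so that the ip collection is loaded before IP:LOGIN_FAILURES is read, and rule 1006 is evaluated in phase 1 so that the blocked client never reaches the application. Test with a few deliberate wrong-password POSTs to /login and confirm that the next request returns 403 and appears in the audit log with the rule 1006 message.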

4. Performance

  • A typical HTTP request
  • A real-world performance test
  • The core rule set
  • Installing the core rule set
  • ModSecurity without any loaded rules
  • ModSecurity with the core ruleset loaded
  • Optimizing performance

5. Audit Logging

  • Enabling the audit log engine
  • Single versus multiple file logging
  • Determining what to log
  • Log format
  • Concurrent logging
  • Selectively disabling logging
  • Audit log sanitization actions
  • The ModSecurity Console
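As an added illustration of this module's topics (constructed for this page, not course material), the fragment below configures the ModSecurity 2.x audit log engine with concurrent logging, selective logging and sanitisation. The log paths, the static-file extensions and the parameter and header names being sanitised are assumptions.

```apache
# Added example, not from the course. Paths and names are assumed.

# Log only "relevant" transactions: those that triggered a rule, or whose
# response status is 5xx or 4xx other than 404.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"

# Determining what to log. Parts: A audit header, B request headers,
# C request body, F response headers, H trailer with rule matches, Z end marker.
# Part E (response body) is omitted to keep log volume down.
SecAuditLogParts ABCFHZ

# Concurrent logging: one file per transaction under the storage directory
# (which must be writable by the Apache user), plus an index in SecAuditLog.
# This avoids the lock contention of writing every transaction to one file.
SecAuditLogType Concurrent
SecAuditLog /var/log/apache2/modsec_audit.log
SecAuditLogStorageDir /var/log/apache2/modsec_audit/

# Selectively disabling logging: static content never needs an audit entry.
SecRule REQUEST_FILENAME "@rx \.(?:css|js|png|jpg|gif)$" \
    "id:5001,phase:1,t:none,nolog,pass,ctl:auditEngine=Off"

# Audit log sanitisation: mask the password parameter and the Authorization
# header before the transaction is written in phase 5, so credentials never
# reach the log even when a rule matches on the login request.
SecAction "id:5002,phase:5,t:none,nolog,pass,sanitiseArg:password,sanitiseRequestHeader:Authorization"
```

With concurrent logging the index file contains one line per transaction pointing at the per-transaction file, which is the layout the ModSecurity Console and similar tools expect when they collect logs from several servers.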

6. Virtual Patching

  • Creating a virtual patch
  • From vulnerability discovery to virtual patch
  • Creating the patch
  • Changing the web application for additional security
  • Testing your patches
  • Cross-site scripting
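The rules below are an added example of a virtual patch, constructed for this page rather than taken from the course. The vulnerable endpoint is hypothetical: /app/view.php is assumed to read its "id" parameter without validation, so injected SQL in that parameter reaches the database. The patch enforces, in front of the application, the contract the code should have enforced: "id" is present exactly once and is a positive integer.

```apache
# Added example, not from the course. The endpoint and parameter are hypothetical.
# Virtual patch for /app/view.php: reject any request whose "id" parameter
# is missing, repeated, or not a positive integer of at most 10 digits.
# Phase 2 (request body) so that both GET and POST parameters are covered.

# The two conditions are OR-ed by writing two rules; a chain is an AND.

# Rule 2001: "id" must appear exactly once (&ARGS:id counts occurrences).
SecRule REQUEST_FILENAME "@streq /app/view.php" \
    "id:2001,phase:2,chain,t:none,log,deny,status:403,msg:'Virtual patch: id missing or repeated on view.php'"
    SecRule &ARGS:id "!@eq 1"

# Rule 2002: "id" must be a positive integer.
SecRule REQUEST_FILENAME "@streq /app/view.php" \
    "id:2002,phase:2,chain,t:none,log,deny,status:403,msg:'Virtual patch: non-numeric id on view.php'"
    SecRule ARGS:id "!@rx ^[1-9][0-9]{0,9}$"
```

To test the patch, request /app/view.php?id=42 and confirm the page still works, then request /app/view.php?id=42%27 and /app/view.php?id=1&id=2 and confirm both return 403 with the matching rule message in the audit log. The patch is a stop-gap: the application should still be fixed to validate the parameter itself, after which the rules can be retired.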

7. Blocking Common Attacks

  • HTTP fingerprinting
    • How HTTP fingerprinting works
      • Server banner
      • Response header
      • HTTP protocol responses
    • Using ModSecurity to defeat HTTP fingerprinting
  • Blocking proxied requests
  • Cross-site scripting
    • Preventing XSS attacks
    • PDF XSS protection
    • HttpOnly cookies to prevent XSS attacks
  • Cross-site request forgeries
    • Protecting against cross-site request forgeries
  • Shell command execution attempts
  • Null byte attacks
    • ModSecurity and null bytes
  • Source code revelation
  • Directory traversal attacks
  • Blog spam
  • SQL injection
  • Preventing SQL injection attacks
  • Website defacement
  • Brute force attacks
  • Directory indexing
  • Detecting the real IP address of an attacker

8. Chroot Jails

  • What is a chroot jail?
  • A sample attack
  • Traditional chrooting
  • How ModSecurity helps jailing Apache
  • Using ModSecurity to create a chroot jail
  • Verifying that the jail works
  • Chroot caveats

9. REMO

  • Remo rules
  • Creating and editing rules
  • Installing the rules

10. Protecting a Web Application

  • Step 1: Identifying user actions
  • Step 2: Getting detailed information on each action
  • Step 3: Writing rules
  • Step 4: Testing the new ruleset
  • Blocking what's allowed—denying everything else
  • Cookies
  • Headers
  • Securing the "Start New Topic" action
  • The ruleset so far
  • The finished ruleset
  • Alternative approaches
  • Keeping everything up to date
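The rule set below is an added example of the positive security model this module builds up (allow what the application is known to do, deny everything else). It is constructed for this page and is not the course's finished ruleset. The application is hypothetical: a forum whose "Start New Topic" action is a POST to /forum/newtopic carrying exactly the fields subject, body and csrf_token, sent with a PHPSESSID cookie; the other paths in the final rule are likewise assumed to be the inventory from step 1.

```apache
# Added example, not from the course. The application, paths, parameter names,
# cookie name and token format are all hypothetical.
# Positive security model for the "Start New Topic" action, phase 2 so that
# form fields in the request body are available.

# Headers: the action accepts only POST with a form-encoded body.
SecRule REQUEST_FILENAME "@streq /forum/newtopic" \
    "id:3001,phase:2,chain,t:none,log,deny,status:403,msg:'newtopic: method or content type not allowed'"
    SecRule REQUEST_METHOD "!@streq POST" "chain"
    SecRule REQUEST_HEADERS:Content-Type "!@beginsWith application/x-www-form-urlencoded"

# Cookies: the action requires exactly one session cookie.
SecRule REQUEST_FILENAME "@streq /forum/newtopic" \
    "id:3002,phase:2,chain,t:none,log,deny,status:403,msg:'newtopic: session cookie missing or repeated'"
    SecRule &REQUEST_COOKIES:PHPSESSID "!@eq 1"

# Parameters: no name outside the known set. %{MATCHED_VAR} reports the offender.
SecRule REQUEST_FILENAME "@streq /forum/newtopic" \
    "id:3003,phase:2,chain,t:none,log,deny,status:403,msg:'newtopic: unexpected parameter %{MATCHED_VAR}'"
    SecRule ARGS_NAMES "!@rx ^(?:subject|body|csrf_token)$"

# Each known parameter appears exactly once. Targets separated by "|" are
# evaluated independently, so the rule matches if any count is not 1.
SecRule REQUEST_FILENAME "@streq /forum/newtopic" \
    "id:3004,phase:2,chain,t:none,log,deny,status:403,msg:'newtopic: parameter count out of spec'"
    SecRule &ARGS:subject|&ARGS:body|&ARGS:csrf_token "!@eq 1"

# Each parameter matches the shape observed in step 2.
SecRule REQUEST_FILENAME "@streq /forum/newtopic" \
    "id:3005,phase:2,chain,t:none,log,deny,status:403,msg:'newtopic: subject out of spec'"
    SecRule ARGS:subject "!@rx ^[A-Za-z0-9 .,!?-]{1,100}$"

SecRule REQUEST_FILENAME "@streq /forum/newtopic" \
    "id:3006,phase:2,chain,t:none,log,deny,status:403,msg:'newtopic: body out of spec'"
    SecRule ARGS:body "!@rx ^[\x20-\x7e\r\n]{1,4000}$"

SecRule REQUEST_FILENAME "@streq /forum/newtopic" \
    "id:3007,phase:2,chain,t:none,log,deny,status:403,msg:'newtopic: csrf_token out of spec'"
    SecRule ARGS:csrf_token "!@rx ^[a-f0-9]{32}$"

# Denying everything else: any path not in the step-1 inventory is refused.
SecRule REQUEST_FILENAME "!@rx ^/forum/(?:index\.php|viewtopic|newtopic)$" \
    "id:3099,phase:2,t:none,log,deny,status:403,msg:'Path not in the allow list'"
```

When testing the new ruleset, run it first with SecRuleEngine DetectionOnly against real traffic and review the audit log for false positives before switching to blocking; the deny rules then need to be revisited every time the application changes, which is what keeping everything up to date means in practice.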

11. Securing WebGoat (a deliberately vulnerable web application) with ModSecurity
