WAF

WAF RULE TESTING (UNRESTRICTED FILE UPLOAD VULNERABILITY)

Summary: In this blog, we are going to test the Unrestricted File Upload vulnerability on the XVWA application with the OWASP CRS and CWAF 1.128 (latest version) rulesets. Test Scenario 1. Test Unrestricted File Upload Vulnerability with OWASP CRS: OWASP CRS blocks the upload of potentially malicious files, i.e. .php files, so the server cannot be compromised by a .php shell, but we are still able to find a small flaw in the ...

WAF RULE TESTING (LOCAL FILE INCLUSION VULNERABILITY)

In this blog, we will be testing the Local File Inclusion (LFI) vulnerability on a vulnerable application with the OWASP CRS & CWAF Ruleset 1.127 (latest version). Test Scenario 1. Testing the LFI attack with OWASP CRS. Include the OWASP CRS in the Apache config: Filename: REQUEST-930-APPLICATION-ATTACK-LFI, PARANOIA_LEVEL: 1, Rule IDs: 930100, 930110, 930120, 930130. Test the following payloads on the xvwa ...

WAF RULE TESTING (OS COMMAND INJECTION VULNERABILITY)

In this blog, we will be testing the OS command injection attack on a vulnerable application with the OWASP CRS & CWAF rulesets. How to identify the flaw in the OWASP CRS & CWAF rulesets? First, set up a vulnerable application, i.e. XVWA or the OWASP Mutillidae vulnerable app, on the server for testing WAF rules. Install ModSecurity and include both the OWASP CRS and CWAF rulesets in the Apache config....

MODSECURITY WAF DASHBOARD (ELK STACK)

In this blog, we will look at the various open source web consoles available for ModSecurity and present our research project on integrating the ModSecurity log with the ELK Stack (Elasticsearch, Logstash, and Kibana) as a web dashboard for real-time monitoring and analysing the log to prevent attacks in real time. The following open source web consoles are currently available for ModSec...

WAF RULE TO PREVENT 0-DAY ATTACKS IN WORDPRESS

(CVE-2017-8295) WordPress <= 4.7.4 - Unauthorized Password Reset Vulnerability. By default, WordPress uses untrusted data to create a password reset link that is supposed to be delivered only to the email address associated with the owner's account. If the From email header is not present, WordPress will use the server's one. // check wp-includes/pluggable.php if ( !isset( $from_...

OWASP CRS 3 AND COMODO WAF PATCH RULES

In this blog, we will see how to identify flaws in a WAF and write our own custom WAF rules to block new attacks against our vulnerable application. How to write a custom WAF rule to block new attacks on a web application? First, try to identify the security issue, i.e. the payload or process that the WAF normally fails to detect. Based on that, develop a regex pattern to match that payload. Follow the...

MODSECURITY WAF RULE WRITING

How to write a custom WAF rule to block new attacks on a web application? First, try to identify the security issue, i.e. the payload or process that the WAF normally fails to detect. Based on that, develop a regex pattern to match that payload. Follow the ModSecurity syntax to write a new rule. Save the rule as a .conf file and include it in the default rules directory. Restart the Apache server and st...