Outline: A Study of ModSecurity Applied to Web Application Security
Supervisor: Nguy n ng Quang
Student: inh Anh Tu n
Student ID: 08110139

PART 1: HTTP PROTOCOL BASICS
1. General introduction
1.2. How HTTP operates
1.2.1. Connections
1.2.2. Pipelining
1.2.3. Web Page Retrieval GET
1.2.4. Web Forms POST
1.2.5. File Upload PUT
1.2.6. File Deletion DELETE
1.2.7. Status HEAD
1.3. HTTP messages
1.3.1. Structure of an HTTP message
1.3.2. Fields in the HTTP header

PART 2: THE TYPES OF WEB APPLICATION ATTACK ARE:
1. Denial-of-service attacks (Denial of Service)
2. SQL injection
3. LOCAL ATTACK
4. Site reconnaissance
5. Session hijacking
6. Application denial of service
7. Malicious probes/crawlers
8. Cookie/session tampering
9. Path traversal
10. Information leakage
11. XSS
12. DDOS
13. Flood
14. SQL injection
15. Directory Traversal
T NG

PART 3: MODSECURITY
3.1. INTRODUCTION TO MODSECURITY
3.2. MODSECURITY CAPABILITIES
1. Phase Request Header
2. Phase Request Body
3. Phase Response Header
4. Phase Response Body
5. Phase logging:
3.3. INSTALLATION AND CONFIGURATION
3.4. WRITING RULES
3.4.1. SecRule syntax
3.4.1.1. Variables and collection selectors
3.4.1.2. Converting between collections
3.4.1.3. Storing requests
3.4.1.4. Checking multiple variables
3.4.1.5. Using marks when writing rules
3.4.1.6. Creating chained rules (chain)
3.4.1.7. Rule IDs
3.4.2. Introduction to regular expressions
3.4.3.1. Examples of regular expressions
3.4.3.2. Other regular expressions
3.4.3. Comparing numbers (matching number)
3.4.4. Phases and rule ordering
3.4.5. Transformation functions
3.4.5.1. Setting up matching with @pm and @pmFromFile
3.4.6. Blocking some common requests
3.4.7. Blocking some uncommon requests
3.4.8. Detecting credit card leaks
3.4.8.1. Detecting credit card leaks
3.4.8.3. The Luhn algorithm: checking credit card numbers
3.4.9. Tracking the geographic location of visitors
3.4.9.1. Fields in the GEO collection
3.4.9.2. Blocking users from specified countries
3.4.9.3. Load balancing between servers on different continents
3.4.10. Executing shell scripts with ModSecurity
3.4.10.1. Sending alert emails
3.4.10.2. Sending more information in the email
3.4.10.3. Blocking brute-force password-guessing attacks
3.4.11. Injecting data into the response
3.4.13. Inspecting uploaded files

PART 4. PREVENTING SOME COMMON TYPES OF ATTACK WITH MODSECURITY
4.1. HTTP FINGERPRINTING
4.2. BLOCKING REQUESTS FROM PROXY SERVERS
4.3. CROSS-SITE SCRIPTING
4.4. SHELL COMMAND EXECUTION ATTACKS
4.5. NULL BYTE ATTACKS
4.6. DIRECTORY TRAVERSAL ATTACKS
4.7. SQL INJECTION ATTACKS
4.8. BRUTE FORCE ATTACKS
4.9. DIRECTORY INDEXING