Scribd Logo
Upload

Welcome to Scribd!

  • Đề cương Tim hiểu Modsecurity ứng dung trong bảo mật ứng dụng Web

    Uploaded by

    Anh Tuấn Đinh
    119 views3 pages

    Copyright

    © Attribution Non-Commercial (BY-NC)

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    119 views3 pages

    Đề cương Tim hiểu Modsecurity ứng dung trong bảo mật ứng dụng Web

    Uploaded by

    Anh Tuấn Đinh

    Copyright:

    Attribution Non-Commercial (BY-NC)
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    TI: TIM HI U MODSECURITY NG DUNG TRONG B O M T NG D NG WEB

    GVHD: Nguy n ng Quang SV: inh Anh Tu n MSSV: 08110139 PH N 1: C B N V GIAO TH C HTTP

    1. Gi i thi u chung 1.2. Ho t ng HTTP 1.2.1. K t n i 1.2.2. Pipelining 1.2.3. Web Page Retrieval GET 1.2.4. Web Forms POST 1.2.5. File Upload PUT 1.2.6. File Deletion DELETE 1.2.7. Tr ng thi HEAD 1.3. Thng i p HTTP 1.3.1. C u trc c a thng i p HTTP 1.3.2. Cc tr ng trong HTTP header PH N 2: CC HNH TH C T N CNG WEB APPLICATION L: 1. T n cng t ch i d ch v (Denial of Service) 2. SQL injection 3. LOCAL ATTACK 4. Site reconnaissance 5. Session hijacking 6. Application denial of service 7. Malicious probes/crawlers 8. Cookie/session tampering 9. Path traversal 10. Information leakage 11. XSS 12. DDOS 13. Flood 14. SQL injection 15. Directory Traversal T NG

    16. Trojan Protection 17. Error Hiding

    PH N 3: MODSECURITY 3.1. GI I THI U MODSECURITY 3.2. CC KH N NG C A MODSECURITY 1. Phase Request Header 2. Phase Request Body 3. Phase Response Header 4. Phase Response Body 5. Phase logging: 3.3. CI T V C U HNH 3.4. VI T RULES 3.4.1. C php SecRule 3.4.1.1. Bi n v b ch n l c Collection 3.4.1.2. Chuy n i gi a cc Collection 3.4.1.3. L u tr cc Request 3.4.1.4. Ki m tra nhi u bi n 3.4.1.5. S d ng d u khi vi t rule 3.4.1.6. T o rule k t chu i chain 3.4.1.7. Rule IDs 3.4.2. Gi i thi u v bi u th c chnh quy Regular expressions 3.4.3.1. V d v cc bi u th c chnh quy 3.4.3.2. Cc bi u th c chnh quy khc 3.4.3. So snh s (matching number) 3.4.4. Phases v s p x p rule 3.4.5. Ch c n ng chuy n i 3.4.5.1. Thi t l p so snh v i @pm v @pmFromFile 3.4.6. Kho m t s request thng th ng 3.4.7. Kho m t s request khng thng th ng 3.4.8. Pht hi n r r th tn d ng 3.4.8.1. Pht hi n r r th tn d ng 3.4.8.3. Thu t ton Luhn Ki m tra s th tn d ng 3.4.9. Theo di v tr a l c a khch truy c p 3.4.9.1. Cc tr ng trong collection GEO 3.4.9.2. C m cc ng i dng t cc qu c gia c ch nh 3.4.9.3. Cn b ng t i gi a cc server trn cc chu l c khc nhau

    3.4.10. Th c hi n cc shell scripts v i ModSecurity 3.4.10.1. Gi i email c nh bo 3.4.10.2. G i nhi u thng tin h n n email 3.4.10.3. Ch n t n cng on m t kh u brute-force 3.4.11. Chn d li u vo response 3.4.13. Ki m tra cc t p tin c upload ln PH N 4. NG N CH N M T S V I MODSECURITY HNH TH C T N CNG TH NG G P

    4.1. HTTP FINGERPRINTING 4.2. NG N CH N CC REQUEST T PROXY SERVER 4.3. CROSS-SITE SCRIPTING 4.4. T N CNG TH C THI CC L NH SHELL 4.5. T N CNG NULL BYTE 4.6. T N CNG DIRECTORY TRAVERSAL 4.7. T N CNG SQL INJECTION 4.8. T N CNG BRUTE FORCE 4.9. DIRECTORY INDEXING

    You might also like