0 CHECKOUT

Web Application Defender's Cookbook. Battling Hackers and Protecting Users

  • ID: 2246152
  • December 2012
  • 552 Pages
  • John Wiley and Sons Ltd
1 of 4

100+ recipes to improve your defenses

Are your web applications secure? Do you know how to lock down new web applications when they are placed into production? Do you know if attackers are trying to break into your site and steal data or cause other harm? The solutions in this book provide answers to these critical questions and increase your ability to thwart malicious activity within your web applications.

Each recipe includes background data explaining how the attack works, an ingredients list, and step–by–step directions. You'll learn how to prepare for attacks, analyze web transactions for malicious activity, and respond with the best solutions. ModSecurity, a versatile, open source web application firewall module for Apache, Microsoft IIS, and Nginx web server platforms, is used to demonstrate each defensive technique.

Learn to:

- Implement full HTTP auditing for incident response
- Utilize virtual patching processes to remediate identified vulnerabilities
- Deploy web tripwires (honeytraps) to identify malicious users
- Detect when users are acting abnormally
- Analyze uploaded files and web content for malware
- Recognize when web applications leak sensitive user or technical data
- Respond to attacks with varying levels of force

Note: Product cover images may vary from those shown
2 of 4

Foreword xix

Introduction xxiii

I Preparing the Battle Space 1

1 Application Fortification 7

Recipe 1–1: Real–time Application Profiling 7

Recipe 1–2: Preventing Data Manipulation with Cryptographic Hash Tokens 15

Recipe 1–3: Installing the OWASP ModSecurity Core Rule Set (CRS) 19

Recipe 1–4: Integrating Intrusion Detection System Signatures 33

Recipe 1–5: Using Bayesian Attack Payload Detection 38

Recipe 1–6: Enable Full HTTP Audit Logging 48

Recipe 1–7: Logging Only Relevant Transactions 52

Recipe 1–8: Ignoring Requests for Static Content 53

Recipe 1–9: Obscuring Sensitive Data in Logs 54

Recipe 1–10: Sending Alerts to a Central Log Host Using Syslog 58

Recipe 1–11: Using the ModSecurity AuditConsole 60

2 Vulnerability Identification and Remediation 67

Recipe 2–1: Passive Vulnerability Identification 70

Recipe 2–2: Active Vulnerability Identification 79

Recipe 2–3: Manual Scan Result Conversion 88

Recipe 2–4: Automated Scan Result Conversion 92

Recipe 2–5: Real–time Resource Assessments and Virtual Patching 99

3 Poisoned Pawns (Hacker Traps) 115

Recipe 3–1: Adding Honeypot Ports 116

Recipe 3–2: Adding Fake robots.txt Disallow Entries 118

Recipe 3–3: Adding Fake HTML Comments 123

Recipe 3–4: Adding Fake Hidden Form Fields 128

Recipe 3–5: Adding Fake Cookies 131

II Asymmetric Warfare 137

4 Reputation and Third–Party Correlation 139

Recipe 4–1: Analyzing the Client s Geographic Location Data 141

Recipe 4–2: Identifying Suspicious Open Proxy Usage?@147

Recipe 4–3: Utilizing Real–time Blacklist Lookups (RBL) 150

Recipe 4–4: Running Your Own RBL 157

Recipe 4–5: Detecting Malicious Links 160

5 Request Data Analysis 171

Recipe 5–1: Request Body Access 172

Recipe 5–2: Identifying Malformed Request Bodies 178

Recipe 5–3: Normalizing Unicode 182

Recipe 5–4: Identifying Use of Multiple Encodings 186

Recipe 5–5: Identifying Encoding Anomalies 189

Recipe 5–6: Detecting Request Method Anomalies 193

Recipe 5–7: Detecting Invalid URI Data 197

Recipe 5–8: Detecting Request Header Anomalies 200

Recipe 5–9: Detecting Additional Parameters 209

Recipe 5–10: Detecting Missing Parameters 212

Recipe 5–11: Detecting Duplicate Parameter Names 214

Recipe 5–12: Detecting Parameter Payload Size Anomalies 216

Recipe 5–13: Detecting Parameter Character Class Anomalies 219

6 Response Data Analysis 223

Recipe 6–1: Detecting Response Header Anomalies 224

Recipe 6–2: Detecting Response Header Information Leakages 234

Recipe 6–3: Response Body Access 238

Recipe 6–4: Detecting Page Title Changes 240

Recipe 6–5: Detecting Page Size Deviations 243

Recipe 6–6: Detecting Dynamic Content Changes 246

Recipe 6–7: Detecting Source Code Leakages 249

Recipe 6–8: Detecting Technical Data Leakages 253

Recipe 6–9: Detecting Abnormal Response Time Intervals 256

Recipe 6–10: Detecting Sensitive User Data Leakages 259

Recipe 6–11: Detecting Trojan, Backdoor, and Webshell Access Attempts 262

7 Defending Authentication 265

Recipe 7–1: Detecting the Submission of Common/Default Usernames 266

Recipe 7–2: Detecting the Submission of Multiple Usernames 269

Recipe 7–3: Detecting Failed Authentication Attempts 272

Recipe 7–4: Detecting a High Rate of Authentication Attempts 274

Recipe 7–5: Normalizing Authentication Failure Details 280

Recipe 7–6: Enforcing Password Complexity 283

Recipe 7–7: Correlating Usernames with SessionIDs 286

8 Defending Session State 291

Recipe 8–1: Detecting Invalid Cookies 291

Recipe 8–2: Detecting Cookie Tampering 297

Recipe 8–3: Enforcing Session Timeouts 302

Recipe 8–4: Detecting Client Source Location Changes During Session Lifetime 307

Recipe 8–5: Detecting Browser Fingerprint Changes During Sessions 314

9 Preventing Application Attacks 323

Recipe 9–1: Blocking Non–ASCII Characters 323

Recipe 9–2: Preventing Path–Traversal Attacks 327

Recipe 9–3: Preventing Forceful Browsing Attacks 330

Recipe 9–4: Preventing SQL Injection Attacks 332

Recipe 9–5: Preventing Remote File Inclusion (RFI) Attacks 336

Recipe 9–6: Preventing OS Commanding Attacks 340

Recipe 9–7: Preventing HTTP Request Smuggling Attacks 342

Recipe 9–8: Preventing HTTP Response Splitting Attacks 345

Recipe 9–9: Preventing XML Attacks 347

10 Preventing Client Attacks 353

Recipe 10–1: Implementing Content Security Policy (CSP) 353

Recipe 10–2: Preventing Cross–Site Scripting (XSS) Attacks 362

Recipe 10–3: Preventing Cross–Site Request Forgery (CSRF) Attacks 371

Recipe 10–4: Preventing UI Redressing (Clickjacking) Attacks 377

Recipe 10–5: Detecting Banking Trojan (Man–in–the–Browser) Attacks 381

11 Defending File Uploads 387

Recipe 11–1: Detecting Large File Sizes 387

Recipe 11–2: Detecting a Large Number of Files 389

Recipe 11–3: Inspecting File Attachments for Malware 390

12 Enforcing Access Rate and Application Flows 395

Recipe 12–1: Detecting High Application Access Rates 395

Recipe 12–2: Detecting Request/Response Delay Attacks 405

Recipe 12–3: Identifying Inter–Request Time Delay Anomalies 411

Recipe 12–4: Identifying Request Flow Anomalies 413

Recipe 12–5: Identifying a Significant Increase in Resource Usage 414

III Tactical Response 419

13 Passive Response Actions 421

Recipe 13–1: Tracking Anomaly Scores 421

Recipe 13–2: Trap and Trace Audit Logging 427

Recipe 13–3: Issuing E–mail Alerts 428

Recipe 13–4: Data Sharing with Request Header Tagging 436

14 Active Response Actions 441

Recipe 14–1: Using Redirection to Error Pages 442

Recipe 14–2: Dropping Connections 445

Recipe 14–3: Blocking the Client Source Address 447

Recipe 14–4: Restricting Geolocation Access Through Defense Condition

(DefCon) Level Changes 452

Recipe 14–5: Forcing Transaction Delays 455

Recipe 14–6: Spoofing Successful Attacks 462

Recipe 14–7: Proxying Traffic to Honeypots 468

Recipe 14–8: Forcing an Application Logout 471

Recipe 14–9: Temporarily Locking Account Access 476

15 Intrusive Response Actions 479

Recipe 15–1: JavaScript Cookie Testing 479

Recipe 15–2: Validating Users with CAPTCHA Testing 481

Recipe 15–3: Hooking Malicious Clients with BeEF 485

Index 495

Note: Product cover images may vary from those shown
3 of 4

RYAN BARNETT is a Lead Security Researcher in Trustwave's SpiderLabs Team, an advanced security team focused on penetration testing, incident response, and application security. He is the ModSecurity web application firewall project lead, a SANS Institute certified instructor, and a frequent speaker at industry conferences.

Note: Product cover images may vary from those shown
4 of 4
Note: Product cover images may vary from those shown

PLEASE SELECT A FORMAT

  • Quick Help: The book will be shipped to you. The cover has a paper back.

HAVE A QUESTION?

If you have a more general question about our products please try our

FAQ SECTION

RELATED PRODUCTS from Db

Our Clients

  • Intel Corporation
  • Autodesk, Inc.
  • Hewlett-Packard Company
  • Ahlstrom Corporation
  • 3M Company
  • SAP SE
  • Samsung Electronics Co., Ltd.