ModSecurity as Universal Cross-platform Web Protection Tool

Presented at Black Hat USA 2012, July 25, 2012, 2:15 p.m. (20 minutes)

For many years ModSecurity was a number one free open source web application firewall for the Apache web server. At this year's BlackHat we would like to announce that right now ModSecurity is also available for IIS and nginx servers, making it a first free cross-platform WAF for on-line services. Using MSRC response process and CVE-2011-3414 as an example, we will show how ModSecurity can be used in early detection of attacks and mitigation of vulnerabilities affecting web infrastructure. We will also show how OWASP ModSecurity Core Rule Set can be used as a base for detection of 0-day attacks on Apache, IIS and nginx servers.

Presenters:

• Ryan Barnett
• Greg Wroblewski

Links:

• https://www.blackhat.com/html/bh-us-12/bh-us-12-archives.html#Wroblewski
• https://media.blackhat.com/bh-us-12/Turbo/Wroblewski/BH_US_12_Wroblewski_ModSecurity_Universal_Slides.pdf
• https://media.blackhat.com/bh-us-12/Turbo/Wroblewski/BH_US_12_Wroblewski_ModSecurity_Universal_WP.pdf

Similar Presentations:

• DEF CON 16 (2008) / The Wide World of WAFs
• AppSec USA 2017 / Core Rule Set for the Masses
• AppSec USA 2013 / 2 Day Pre-Conference Training: Web Application Defender's Cookbook: LIVE Training