Wednesday, December 07, 2005

ModSecurity

ModSecurity is an open source intrusion detection and prevention engine for web applications. It can also be called a web application firewall. It operates embedded into the web server, acting as a powerful umbrella, shielding applications from attacks.



ModSecurity integrates with the web server, increasing your power to deal with web attacks. Some of its features worth mentioning are:

1. Request filtering; incoming requests are analysed as they come in, and before they get handled by the web server or other modules. (Strictly speaking, some processing is done on the request before it reaches ModSecurity but that is unavoidable in the embedded mode of operation.)
2. Anti-evasion techniques; paths and parameters are normalised before analysis takes place in order to fight evasion techniques.
3. Understanding of the HTTP protocol; since the engine understands HTTP, it performs very specific and fine granulated filtering. For example, it is possible to look at individual parameters, or named cookie values.
4. POST payload analysis; the engine will intercept the contents transmitted using the POST method, too.
5. Audit logging; full details of every request (including POST) can be logged for forensic analysis later.
6. HTTPS filtering; since the engine is embedded in the web server, it gets access to request data after decryption takes place.
7. Compressed content filtering; same as above, the security engine has access to request data after decompression takes place.

ModSecurity can be used to detect attacks, or to detect and prevent attacks.

Modsecurity.org
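
Items 2 and 3 of the list above, as an added Python illustration (not ModSecurity's own code or rule syntax): a path rule is evaluated before and after normalisation, and a single named parameter is checked on its decoded value. The rules, the normalisation steps chosen and the sample requests are all assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Hypothetical rules (assumptions, not shipped ModSecurity rules).
PATH_RULE = re.compile(r"/private/")   # flag any request under /private/
ID_RULE = re.compile(r"[0-9]+")        # parameter "id" must be digits only


def normalise(path):
    """Canonicalise a path so equivalent spellings compare equal."""
    p = unquote(path)                  # undo %XX encoding
    p = p.replace("\\", "/")           # treat backslash as a slash
    p = re.sub(r"/(\./)+", "/", p)     # drop /./ self-references
    p = re.sub(r"/{2,}", "/", p)       # collapse repeated slashes
    return p.lower()                   # compare case-insensitively


def inspect(target, normalised=True):
    """Return the list of rules a request target trips."""
    parts = urlsplit(target)
    path = normalise(parts.path) if normalised else parts.path
    findings = []
    if PATH_RULE.search(path):
        findings.append("path")
    # Per-parameter filtering: only the named argument "id" is checked,
    # and on its decoded value (parse_qsl performs the URL decoding).
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # fullmatch, because "$" would accept a trailing newline.
        if name == "id" and not ID_RULE.fullmatch(value):
            findings.append("arg:id")
    return findings


# Constructed sample request targets.
PLAIN = "/site/view.php?id=42"
OBFUSCATED = "/site//./%70rivate/./notes.txt"   # same file as /site/private/notes.txt
BAD_ID = "/site/view.php?id=42%0a"              # digits followed by an encoded newline

if __name__ == "__main__":
    for target in (PLAIN, OBFUSCATED, BAD_ID):
        print(target, "raw:", inspect(target, normalised=False),
              "normalised:", inspect(target))
```

The obfuscated path only trips the rule when matching runs on the normalised form, which is why the engine normalises first and analyses second.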

It's a good tool to protect your web server from attacks such as SQL injection, etc. I'd suggest you install this thing if you don't think your web programming is good in terms of secure programming. Understand what I meant?

Well, for this training, I will ask my students to install apache2 with modsecurity and test it on their own, and that will give me a lot of time to skip teaching :P. Good idea, ha!

:)