Chapter 9
Preventing Application Attacks
Rapidity is the essence of war: take advantage of the enemy’s unreadiness, make your way by unexpected routes, and attack unguarded spots.
—Sun Tzu in The Art of War
Attackers use a variety of methods to bypass web application input validation and access control mechanisms. The recipes in this chapter show you the most common attack methods and outline various countermeasures for each one. Each recipe includes reference material taken from the Mitre Common Attack Pattern Enumeration and Classification (CAPEC) project: http://capec.mitre.org/.
- OWASP ModSecurity Core Rule Set (CRS)
- modsecurity_crs_20_protocol_violations.conf
- ModSecurity
- ARGS variable
- ARGS_NAMES variable
- REQUEST_HEADERS variable
- @validateByteRange operator
209.235.136.112 - - [15/Apr/2012:16:55:36 +0900] "GET /index.php?option=com_ganalytics&controller=../opt/lampp/logs/ ...
Get Web Application Defender's Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.