Introduction to Mod_Security

-

What Is ModSecurity?

ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. [7]

mod_security is an Apache module (for Apache 1 and 2) that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc. [6]

mod_security is an Apache module designed as a sort of web application firewall. It’s most useful for preventing SQL Injection and Cross Site Scripting (or XSS). [2]

It is also an open source project that aims to make the web application firewall technology available to everyone. [7]


SQL Injection

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

Cross-site scripting (XSS)

Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include HTML code and client-side scripts. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. Vulnerabilities of this kind have been exploited to craft powerful phishing attacks and browser exploits. As of 2007, cross-site scripting carried out on websites were roughly 80% of all documented security vulnerabilities. Often during an attack "everything looks fine" to the end-user who may be exposed to unauthorized access, theft of sensitive data and financial loss.

References:

Comments

Post a Comment

Popular posts from this blog

java.lang.ExceptionInInitializerError while trying to Access login page

-
Today morning, we (the DBAs) were faced with a strange issue. On Saturday (the 14th of February - (St.) Valentine's day!!), the UNIX boxes hosting our critical test instance went down for scheduled maintenance without any prior information. So, we could not bring down our databases and applications. As soon as the unix box came up, we encountered this issue. Let me briefly describe the environment, the issue, the analysis performed and of course, the solution to this most vexing problem. Environment : Apps Version : 11.5.10.2 with ATG RUP 5 DB Version : 10.2.0.3 Architecture : Two Node instance with database + admin on one tier and web server on another. PS : Another instance (development) exists on the same server with the same configuration, which was working fine. Issue : When trying to access the login page of Oracle Apps, received the below error. Even OAM login page was throwing the same error. Request URI: /OA_HTML/AppsLocalLogin.jsp Exception: java.lang.ExceptionInIniti
Read more

Solution to "End Program - WMS Idle"

-
Image
Though this topic is unrelated any Apps DBA topics, I found it necessary to share the solution so that everyone benifits out of it ! Issue: I used to receive the below error message whenever I tried to shutdown windows XP. A rather vexing problem, no doubt. Cause: This message appears because when windows is trying to shutdown and end all the running processes, the WMS idle process keeps working. Thus an end-program message appears. The two most common reasons for this are: Scout service run by Nero 7 Microsoft Office Communicator 2005 Solution: The fix is simple, disable the Nero 7 scout service if it is enabled. For this, go to Start > All Programs > Nero > Tools > Nero Scout . On this screen , Uncheck Enable the Nero scout. This will fix the issue for most of the users, for the rest of you who are not using Nero are most probably getting this error because of Microsoft Office Communicator 2005. For that you need to either manually exit the communicator 2005 from the s
Read more

WGET shell Script for downloading patches

-
What I have to offer this time is a script using which you can download patches using WGET from Meta.....oops, from My Oracle Support, I should say! This script needs (or accepts) the following parameters: 1. Me...oops...MOS Username 2. MOS (I got it right this time!) password 3. Patch file name 4. ARU Number You can get 3 and 4 in the following way: Using MOS: Query for the particular patch, click on the download link, click on WGET Options on the left side bottom corner and then copy the WGET script to clipboard. That script will have both the patch name and the ARU number. Using HTML (supporthtml.oracle.com): Query for the particular patch, click on the patch, then RIGHT CLICK on the patch zip file link and click on copy shortcut in IE (or copy link location in Mozilla Firefox). This link will have both the patch file name and the ARU number. Using the classic patches window: Query for the particular patch, then RIGHT CLICK on the DOWNLOAD button and click on copy shortcut in IE (or
Read more