Ads 468x60px

Featured Posts

18 de junio de 2018

WAF - Login Enforcement & Session Tracking

Associates usernames and sessions with application violations provide in-depth blocking and visibility, which is useful for attack understanding and forensics. In addition, if we are able to identify devices for every visitor across multiple IPs and sessions, we’ll increase precision in blocking malicious activities. Therefore, this kind of techniques will help us to identify and block suspicious clients and headless browsers as well as mitigate client side malware.

The first video this week is about Login URL Enforcement which is a mechanism for preventing Forceful Browsing to restricted parts of the web application. By defining a required URL (i.e. login page), the user must pass through it in order to access a certain target URL. This mechanism uses ASM cookies, which are session cookies, to keep information about the prerequisite URL that was accessed successfully. We’ll watch how to create a Login Page and how to configure Login Enforcement in the next video.

The second video is about Session Awareness and how to configure violation detection actions. In fact, we’ll configure ASM to log all requests from the session when the threshold is triggered. However, session awareness can also mitigate Session Hijacking Attacks which occurs when an attacker is able to steal session information from an authenticated user. Session hijacking prevention is based on fingerprinting where client identification is based on screen resolution, time and time zone data, browser attributes such as platform, version, plugins installed, etc. Therefore, we’ll watch in the next video how to enable session awareness and how to log all requests once a violation is detected.

Regards my friends and drop me a line if you configure Login Enforcement and Session Tracking in your security policy.

11 de junio de 2018

F5 BIG-IP ASM - Parameter Tampering Attacks

Cookie Tampering Attacks, HTTP Header Tampering Attacks or Parameter Tampering Attacks can’t be blocked from traditional firewalls. Instead, we should deploy a Web Application Firewall (WAF) where we can configure a Positive Security Policy that allows file types, URLs and parameters. If we configure a security policy, which is Learning with Add All Entities, we’ll have granular protection of entities and much more security protection but maintenance efforts will be high. It’s up to you what level of protection you need.

I would like to show how we can configure a policy for Protecting Static Parameters. It’s important to highlight that security engineers will have to work along with developers to understand web application logic because it will be necessary to know the amount of parameters, the type of parameters and their values as well. We can watch in the next video that the “payment” parameter is static and it has four static values, then, when the “payment” value is not one of the values configured, the request is blocked.

I would also like to show how we can configure a policy for Protecting Dynamic Parameters. It’s similar than protecting static parameters but dynamic means we don’t know the value. Therefore, we have to define dynamic parameter extraction properties which depend on how the web application handles parameter name/value pairs. For instance, we can configure extractions searching in links, searching in response bodies, searching entire forms, searching within forms or even searching in XML files. We can watch in the next video that the “nick” parameter is dynamic and it is extracted from “index.php” searching in the entire form.

Regards my friends and drop me a line if you want to configure advanced parameter handling in your security policy.
Related Posts Plugin for WordPress, Blogger...

Entradas populares