Ads 468x60px

10 December 2018

F5 BIG-IP ASM - CSRF Protection



I think, the best way to learn about hacking and security is testing attacks and mitigating them. This is the methodology I follow in the Security courses on Networks and Systems I’m teaching these weeks. In addition, I like testing the laboratories before teaching to students because there are lots of kind of attacks and I think the best way to learn about how to block them is testing, testing and testing. Today, I’m going to write about how to exploit a CSRF vulnerability and how to mitigate it with a Web Application Firewall (WAF).

If you really want to learn about hacking and security, firstly, you have to deploy a laboratory with lots of technologies, such as IDS, HIDS, WIDS, network firewalls, WAFs, SIEMs; vulnerable servers like WebGoat; and hacking tools such as those which come with the Kali Linux operating system. Secondly, you must have lots of time to read and test because most the time you’ll have to learn by yourself. Finally, you should really love security. Today, I’ve used a Kali Linux with WebGoat as vulnerable server and a F5 BIG-IP ASM as WAF.

WebGoat

The Proof of Concept (PoC) that I have been testing today is a CSRF attack which is used when a malicious user wants to execute unauthorized commands from a user that the web application trusts. For instance, firstly, the victim has authenticated into the target website, such as a bank account website or a forum; secondly, the attacker sends a malicious link to fool victim to click; finally, if the victim clicks the malicious link, unauthorized commands are executed, such as transfers in the bank account or replies in the forum, which are happened underground. It’s important to highlight that XSS attacks exploit the trust a user has for a particular site while CSRF attacks exploit the trust that a site has in a user’s browser.

CSRF Attack
 
If you want to know how to test and mitigate a CSRF attack, see the next video:


Regards my friend and remember, keep studying!!

3 December 2018

F5 BIG-IP ASM - L7 DDoS Mitigation



This summer I was writing about F5 BIG-IP ASM. In fact, I made several videos where we can watch how we can configure the Web Application Firewall (WAF). For instance, I recorded videos about Session Based Brute Force Mitigation, Web Scraping Mitigation or Cookie Tampering. However, this week, I’ve made a new video about L7 DDoS Mitigation, which is useful for blocking DDoS attacks, but this video is different than Layer 7 DoS Mitigation due to the fact that this video takes into account that lots of computers can be behind the same IP address. Therefore, it’s able to block PCs regardless the IP address.

BIG-IP ASM has three mitigation methods to use on the attacking IP’s. The first mitigation method is Client Side Integrity Defense where PCs has a JavaScript challenge which should be resolved. If it’s not a bot, the browser will be able to resolve the challenge, and the F5 will considerate the PCs as legitimate. However, if the PCs won’t be able to resolve the challenge, requests will be blocked. The second mitigation method is a CAPTCHA challenge, where the user has to resolve the CAPTCHA challenge to access the website. The last mitigation method is Request Blocking where requests are blocked when a threshold is exceed.

Client Side Integrity Defense - Flow

The Client Side Integrity Defense method is useful to know if requests come from users or machines. However, once the DoS L7 attack starts, PCs have to resolve the JavaScript challenge, and this is a little bit computational demanding for PCs. You can notice this in the video. In addition, these mitigation methods can be configured with additional features such as Recording Traffic for automatic recording traffic during DoS attacks, or Trigger iRule for managing DoS events in a customized manner.

JavaScript Challenge
 
If you want to know what I’m writing about, see the next video:


Regards my friend and remember, keep studying!!
Related Posts Plugin for WordPress, Blogger...

Entradas populares