ModSecurity is an open-source, cross-platform web Application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a power rules language and API to implement advanced protections.
WAFs are deployed to establish an increased external security layer to detect and/or prevent attacks before they reach web applications. ModSecurity provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure.
Here are three commonly used approaches to prevent attacks:
- Negative security model: A negative security model monitors requests for anomalies, unusual behavior, and common web application attacks. It keeps anomaly scores for each request, IP addresses, application sessions, and user accounts. Requests with high anomaly scores are either logged or rejected altogether.
- Positive security model: When a positive security model is deployed, only requests that are known to be valid are accepted, with everything else rejected. This model requires knowledge of the web applications you are protecting. Therefore a positive security model works best with applications that are heavily used but rarely updated so that maintenance of the model is minimized.
- Known weaknesses and vulnerabilities: Its rule language makes ModSecurity an ideal external patching tool. External patching (sometimes referred to as Virtual Patching) is about reducing the window of opportunity. Time needed to patch application vulnerabilities often runs two weeks in many organizations. With ModSecurity, applications can be patched from the outside, without touching the application source code (and even without any access to it), making your systems secure until a proper patch is applied to the application.
ModSecurity is known to work well on a wide range of operating systems such as Linux, Windows, Solaris, FreeBSD, OpenBSD, NetBSD, AIX, Mac OS X, and HP-UX.
You might also like:
- Android Privacy Guard - OpenPGP For Android
- DEFT - Computer Forensic Live System
- BackBox - Penetration Testing and Ethical Hacking Linux Distribution
- Hexlock - A Must Have Android App
- Wireless Network Watcher - Free Wireless Network Tool
- Angry IP Scanner - A Fast Network Scanning Tool
- Aircrack-ng - WiFi Network Security Suite (Monitoring, Attacking, Testing, and Cracking)
- OpenStego - A Free Tool For Data Hiding and Digital Watermarking
- Wfuzz - Web Application Password Cracking Tool
- WebSploit Framework - Tool For Vulnerability Assessment & Exploitation
- Social-Engineer Toolkit - A Must Have Tool For Penetration Testers
- TCHead - TrueCrypt Password Cracking Tool
- Snuck - Tool For Automatic XSS Filter Bypass
- Zed Attack Proxy - Web Application Penetration Testing Tool
- Nmap - Network Security Audit Tool
- Noriben - Python Based Malware Analysis Sandbox
- D-TECT - Command-line Based Web Application Penetration Testing Tool
Related Articles
This post first appeared on Effect Hacking - Hacking Tools, How To Guides An, please read the originial post: here
