ModSecurity is a powerful open-source web application firewall for the Apache web server, similar to OWASP's ESAPI and Qualys' Ironbee, that offers full HTTP logging (including request bodies) and real-time monitoring of traffic to detect attacks. ModSecurity is a robust, well-tested product that has been in development for nearly a decade and is one of the most popular WAFs in the industry.
ModSecurity can be used to protect an application from cross-site scripting and other injection attacks without any modification to the application itself. Additionally, the firewall can be set up like an intrusion detection system, to detect, block, and log known exploit patterns. The firewall is programmed with flexible rules written in the ModSecurity rule language and can be deployed in multiple network locations with numerous operating modes and options. Web application firewalls like ModSecurity do not remove the need for strong web security design. However, when configured with rules designed to harden websites, they can be a valuable defense-in-depth tool for web application developers and for network, application, or system engineers who want secure websites but are not security experts.
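To make the operating modes, logging options, and rule language concrete, here is an added example configuration (not from the talk, the speakers, or the ModSecurity project) for ModSecurity 2.x under Apache. The rule ids (900100, 900101), the audit log path, and the body-size limits are assumptions chosen for illustration; the directive names and action syntax are ModSecurity's own.

```apache
# Added illustrative ModSecurity 2.x configuration (not from the page or the
# project). Rule ids, the log path and the size limits are assumed values.
<IfModule security2_module>
    # Operating mode. DetectionOnly evaluates rules and logs matches without
    # blocking, which is the safe way to deploy against a live application;
    # change to "On" once the rules have been tuned and false positives removed.
    SecRuleEngine DetectionOnly

    # Buffer and inspect request bodies so POST parameters are visible to
    # rules; the limits bound memory use per request (assumed values).
    SecRequestBodyAccess On
    SecRequestBodyLimit 13107200
    SecRequestBodyNoFilesLimit 131072

    # Full HTTP audit logging (headers and bodies) for transactions that
    # matched a rule or returned a 5xx / non-404 4xx status.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLogParts ABIJDEFHZ
    SecAuditLogType Serial
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Hardening rule: a <script> tag in any parameter, cookie or header is a
    # reflected/stored XSS indicator. Input is normalised (URL decoded, HTML
    # entities decoded, lowercased) before the regex runs so trivial encoding
    # variants still match. In phase 2 the request body is available.
    SecRule ARGS|REQUEST_COOKIES|REQUEST_HEADERS "@rx <\s*script[^>]*>" \
        "id:900100,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:lowercase,\
        deny,status:403,log,msg:'Possible XSS: script tag in input',tag:'attack-xss'"

    # Intrusion-detection style rule: record a path-traversal probe for the
    # audit log and monitoring, but let the request continue (pass).
    SecRule REQUEST_URI "@contains /etc/passwd" \
        "id:900101,phase:1,t:none,pass,log,msg:'Path traversal probe',tag:'attack-lfi'"
</IfModule>
```

In practice you would run with `SecRuleEngine DetectionOnly` first, review the entries written to the audit log for the application's legitimate traffic, adjust or exclude rules that fire on it, and only then switch the engine to `On` so the `deny` action actually blocks.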
Although it's not perfect, ModSecurity can be a valuable tool in the ongoing and evolving battle with web application security and it’s our goal to help you get started.
About the speakers: Joel St. John and Amanda Crowell are Security Engineers with the Seattle branch of iSEC Partners, a security consulting firm that has been operating since 2004. iSEC Partners works with several Fortune 500 companies in many different areas, including web, mobile, Windows and Apple technologies. Amanda and Joel have collectively worked on dozens of web application penetration engagements, each granting new insight into the different threats targeting web frameworks.