book

Web Application Defender's Cookbook

by Ryan C. Barnett, Jeremiah Grossman

December 2012

Intermediate to advanced

552 pages

13h 16m

English

Wiley

Read now

Unlock full access

Content preview from Web Application Defender's Cookbook

Recipe 5-9: Detecting Additional Parameters

This recipe demonstrates how to find out when additional, unexpected parameters are added to a request.

Ingredients

OWASP AppSensor10
- Additional/Duplicate Data in Request
ModSecurity
- modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf
- modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf
- appsensor_request_exception_enforce.lua
- appsensor_request_exception_profile.lua

After the Lua profiling scripts outlined in Recipe 1-1 have completed for this resource, we have the following learned profile:

Resolved macro %{request_headers.host} to: 192.168.168.128 Resolved macro %{request_filename} to: /dvwa/vulnerabilities/brute/ Read variable: name "__expire_KEY", value "1334936349". Read variable: name "KEY", value "192.168.168.128_/dvwa/ vulnerabilities/brute/". Read variable: name "TIMEOUT", value "3600". Read variable: name "__key", value "192.168.168.128_/dvwa/ vulnerabilities/brute/". Read variable: name "__name", value "resource". Read variable: name "CREATE_TIME", value "1334932695". Read variable: name "UPDATE_COUNTER", value "10". Read variable: name "min_pattern_threshold", value "5". Read variable: name "min_traffic_threshold", value "10". Read variable: name "traffic_counter", value "10". Read variable: name "ARGS:username_length_8_counter", value "5". Read variable: name "ARGS:password_length_9_counter", value "5". Read variable: name "LAST_UPDATE_TIME", value "1334932749". Read variable: name "enforce_request_methods", ...