Recipe 5-12: Detecting Parameter Payload Size Anomalies
This recipe shows how to detect when the payload of a required request parameter is smaller or larger than the size learned for it during profiling.
Ingredients
  • OWASP AppSensor
    • Unexpected Quantity of Characters in Parameter
  • ModSecurity
    • modsecurity_crs_40_appsensor_detection_point_2.0_setup.conf
    • modsecurity_crs_40_appsensor_detection_point_2.1_request_exception.conf
    • appsensor_request_exception_enforce.lua
    • appsensor_request_exception_profile.lua
After the Lua profiling scripts outlined in Recipe 1-1 have completed for this resource, we have the following learned profile:
    Resolved macro %{request_headers.host} to: 192.168.168.128
    Resolved macro %{request_filename} to: /dvwa/vulnerabilities/brute/
    Read variable: name "__expire_KEY", value "1334936349".
    Read variable: name "KEY", value "192.168.168.128_/dvwa/vulnerabilities/brute/".
    Read variable: name "TIMEOUT", value "3600".
    Read variable: name "__key", value "192.168.168.128_/dvwa/vulnerabilities/brute/".
    Read variable: name "__name", value "resource".
    Read variable: name "CREATE_TIME", value "1334932695".
    Read variable: name "UPDATE_COUNTER", value "10".
    Read variable: name "min_pattern_threshold", value "5".
    Read variable: name "min_traffic_threshold", value "10".
    Read variable: name "traffic_counter", value "10".
    Read variable: name "ARGS:username_length_8_counter", value "5".
    Read variable: name "ARGS:password_length_9_counter", value "5".
    Read variable: name "LAST_UPDATE_TIME", value "1334932749".
    Read ...
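To make the learn-then-enforce logic behind that profile concrete, here is an added Python model (not the Cookbook's Lua scripts, and not ModSecurity's persistent-collection API). It builds the same ARGS:<name>_length_<n>_counter, traffic_counter, min_traffic_threshold and min_pattern_threshold entries from constructed login traffic, then flags parameters whose length falls outside the learned range; treating the learned lengths as a min/max range is this example's assumption.

```python
# Model of AppSensor "Unexpected Quantity of Characters in Parameter" detection.
# Constructed example: the profile is a plain dict standing in for the
# ModSecurity resource collection shown in the debug log above.

MIN_TRAFFIC_THRESHOLD = 10   # requests to observe before enforcing (min_traffic_threshold)
MIN_PATTERN_THRESHOLD = 5    # recurrences a length needs to count as learned (min_pattern_threshold)

def profile_request(profile, args):
    """Learning phase: bump traffic_counter and one
    ARGS:<name>_length_<n>_counter per parameter, keyed by observed length."""
    profile["traffic_counter"] = profile.get("traffic_counter", 0) + 1
    for name, value in args.items():
        key = f"ARGS:{name}_length_{len(value)}_counter"
        profile[key] = profile.get(key, 0) + 1
    return profile

def learned_range(profile, name):
    """Smallest and largest lengths whose counter reached the pattern threshold,
    or None when nothing has been learned for this parameter yet."""
    prefix = f"ARGS:{name}_length_"
    lengths = [int(k[len(prefix):-len("_counter")])
               for k, n in profile.items()
               if k.startswith(prefix) and n >= MIN_PATTERN_THRESHOLD]
    return (min(lengths), max(lengths)) if lengths else None

def check_request(profile, args):
    """Enforcement phase: once enough traffic was profiled, report every
    parameter whose payload length is outside its learned range."""
    if profile.get("traffic_counter", 0) < MIN_TRAFFIC_THRESHOLD:
        return []   # still learning; nothing to enforce
    anomalies = []
    for name, value in args.items():
        rng = learned_range(profile, name)
        if rng and not (rng[0] <= len(value) <= rng[1]):
            anomalies.append((name, len(value), rng))
    return anomalies

# Constructed training traffic: five logins with an 8-char username, five with an
# 11-char one, all with a 9-char password (yields username range 8..11, password 9..9).
PROFILE = {}
for user in ["admin123"] * 5 + ["alice_smith"] * 5:
    profile_request(PROFILE, {"username": user, "password": "Passw0rd!"})

if __name__ == "__main__":
    print(check_request(PROFILE, {"username": "A" * 200, "password": "Passw0rd!"}))
```

A parameter with no learned counters is not flagged here, since an unexpected parameter name is a separate AppSensor detection point from the size check.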