Recipe 6-8: Detecting Technical Data Leakages
This recipe demonstrates how to determine when outbound error pages contain technical information generated by the application failure.
Ingredients
- ModSecurity
- modsecurity_crs_50_outbound.conf
- @pm operator
- @rx operator
Application Failure Stack Dumps
As with the causes discussed in the preceding recipe, there are both intentional and unintentional situations in which an application may present technical error data to the end client. Applications are often deliberately configured to display detailed technical data during internal quality assurance testing, and those settings are frequently left in place when the application moves into production. Beyond forgetting to update the logging configuration, many web application owners are simply unaware that these settings exist. Figure 6-4 shows an ASPX technical stack dump.
This particular data was generated when the application received unexpected content such as a single-quote character ('). Although this information may not seem too ominous at first, it can help an attacker gain a better understanding of the application directory structure, format, and usage. This intelligence can help an attacker fine-tune his attack strategy.
The OWASP ModSecurity Core Rule Set includes a file ...