December 2012
Intermediate to advanced
552 pages
13h 16m
English
Content preview from Web Application Defender's CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Recipe 11-3: Inspecting File Attachments for Malware
This recipe shows you how to determine when attackers attempt to force users to send unintentional requests.
Ingredients
- ClamAV (http://www.clamav.net)
- OWASP ModSecurity Core Rule Set
- modsecurity_crs_46_av_scanning.conf
- ModSecurity
- FILES_TMPNAMES variable
- @inspectFile operator
CAPEC-184: Software Integrity Attacks
An attacker initiates a series of events designed to cause a user, program, server, or device to perform actions which undermine the integrity of software code, device data structures, or device firmware, achieving the modification of the target’s integrity to achieve an insecure state.
Sample Attacks
A common attack vector is to abuse an application’s own file upload capability to plant malicious files on the site for other clients to download later. Allowing clients to upload files to your web application can potentially cause big problems, but many businesses require this functionality.
If you must allow file uploads in your web application, I strongly encourage you to review the OWASP Unrestricted File Upload vulnerability page.1 Although it is certainly possible to attack the web application platform itself, attacks on other systems are possible as well:
- If an .exe file is uploaded into the web tree, victims download an executable file containing a trojan.
- If a virus-infected file is uploaded, victims’ machines are infected.
- If an .html file containing ...