This section contains news related to Microsoft products and services. These include their popular Windows server products (2003, 2008, 2012), Windows workstation operating systems (Windows XP, Windows Vista, Windows 7, Windows 8 & 8.1), service pack releases and more.
Articles Tagged ‘Exploits’
Scan and Generate Firewall Rules to Secure your Website and WebServer with ModSecurity. Block Exploits & Vulnerability Attacks
ModSecurity is a very popular open-source web application Firewall used to protect webservers and websites from vulnerability attacks, exploits, unauthorized access and much more. In this article, we’ll show you how web vulnerability scanners, can be used to automatically generate the necessary rules that block all vulnerabilities identified during the scan.
This great feature of automatically generating ModSecurity rules for identified vulnerabilities through a web vulerability scanner (e.g Acunetix), giving all users the ability to now create and deploy ModSecurity rules immediately – saving valuable time and accelerating the whole scan-&-patching process considerably.
Figure 1. Generating ModSecurity Rules from a Web Application Vulnerability Scanner
ModSecurity is used by many vendors and webservice providers as it is capable of delivering a number of security services including:
- Full HTTP traffic logging.ModSecurity gives you the ability to log anything you need, including raw transaction data, which is essential for forensics analysis and in-depth tracing.
- Web Application Hardening. Helps fix cross-site request forgery vulnerabilities and enforce security policies with other Apache modules.
- Real-time application security monitoring. ModSecurity provides full access to the HTTP traffic stream along with the ability to inspect and action against attacks.
- Becomes a powerful exploit prevention tool when paired with web server and web application vulnerability scanners such as Netsparker.
Most Web Application Vulnerability Scanner vendors provide full details on how to use their web application scanner to successfully generate ModSecurity rules that will help identify and block existing vulnerabilities in web applications and web servers.
Successful web application attacks and the data breaches that are resulting from these attacks, have now become everyday news, with large corporations being hit constantly.
Our article covering major security breaches in well—known companies, clearly demonstrates that there are many gaps in web security, which are causing multi-million dollar damages to companies world-wide. In this article we analyze the best security practices and principals to help increase your web application security.
While security experts are adamant that there is still much to improve in most web applications’ security, the gaping security holes that attackers are exploiting, are still present, as can be confirmed by some of the latest string of attacks on Yahoo and several departments of the government of the United States.
These attacks, as one can imagine, are the cause of financial loss as well as loss of client trust. If you held an account with a company that suffered a data breach, you would think twice before trusting that company with your data again. Recently, developers have been brought into the fold with regards to web application security; a field that a couple of years ago was only relevant to security professionals whose jobs revolve around security. Nowadays, security has become a requirement that has to be implemented, for a web application developer to meet all the necessary deliverables. Security needs to become a part of the development process, where it is implemented in the code that is being written, and not just as an afterthought that becomes relevant after an attack.