Configuring User Defined Patterns

Similar documents
Attacks Description - Action Policy

Web Application Security. Philippe Bogaerts

CNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components

Security Research Advisory IBM WebSphere Portal Cross-Site Scripting Vulnerability

Configuring an Enhanced Standard Security Policy

CIS 4360 Secure Computer Systems XSS

epldt Web Builder Security March 2017

CSCE 813 Internet Security Case Study II: XSS

HTTP 1.1 Web Server and Client

Security issues. Unit 27 Web Server Scripting Extended Diploma in ICT 2016 Lecture: Phil Smith

CSE 127 Computer Security

1. Oracle mod_plsql v in Oracle9i Application Server v1.0.2.x (Oracle9iAS v1.0.2.x)

dotdefender User Guide Applicure Web Application Firewall

BIG-IP DataSafe Configuration. Version 13.1

Web Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

The security of Mozilla Firefox s Extensions. Kristjan Krips

Your Turn to Hack the OWASP Top 10!

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Barracuda Web Application Firewall Advanced Security Features - WAF02

Copyright

Application vulnerabilities and defences

Hypertext Transport Protocol

Scan Report Executive Summary. Part 2. Component Compliance Summary IP Address :

A (sample) computerized system for publishing the daily currency exchange rates

C1: Define Security Requirements

3. WWW and HTTP. Fig.3.1 Architecture of WWW

OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati

dotdefender v5.18 User Guide

Secure web proxy resistant to probing attacks

Security Engineering by Ross Andersson Chapter 18. API Security. Presented by: Uri Ariel Nepomniashchy 31/05/2016

Bank Infrastructure - Video - 1

Barracuda Web Application Firewall Foundation - WAF01. Lab Guide

BIG-IP Application Security Manager : Attack and Bot Signatures. Version 13.0

P2_L12 Web Security Page 1

Content Security Policy

RSA SecurID Implementation

Computer Security 3e. Dieter Gollmann. Chapter 18: 1

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

CSCE 548 Building Secure Software SQL Injection Attack

Configuring Virtual Servers

Web basics: HTTP cookies

HP 2012 Cyber Security Risk Report Overview

How is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach

HTTP 1.1 Web Server and Client

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

Create and Apply Clientless SSL VPN Policies for Accessing. Connection Profile Attributes for Clientless SSL VPN

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

Secure Development Guide

Web Security. Thierry Sans

How to Configure Authentication and Access Control (AAA)

OWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13

AppSpider Enterprise. Getting Started Guide

How to Configure User Authentication and Access Control

XSS Homework. 1 Overview. 2 Lab Environment

Web Security: Vulnerabilities & Attacks

PCI DSS Compliance. Verba SOLUTION GUIDE. Introduction. Verba and the Payment Card Industry Data Security Standard

Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma

The Top 6 WAF Essentials to Achieve Application Security Efficacy

CNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies


Web Security. Attacks on Servers 11/6/2017 1

OTM-DE Repository User Guide

HTTPS The New B2Bi Portal. Bank of America s secure web transmission interface user guide

Is Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection

CompTIA. SY0-401 EXAM CompTIA Security+ Certification Exam. m/ Product: Demo. For More Information:

Application Security Introduction. Tara Gu IBM Product Security Incident Response Team

Web insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.

Only applies where the starting URL specifies a starting location other than the root folder. For example:

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0

Web basics: HTTP cookies

CS 161 Computer Security

Securing Apache Tomcat. AppSec DC November The OWASP Foundation

Security Communications and Awareness

CS 155 Project 2. Overview & Part A

How to Configure User Authentication and Access Control

Cisco IOS Login Enhancements-Login Block

Scan Report Executive Summary

Mobile Trends And The New Threats Is Your SAP System Vulnerable to Cyber Attacks? Stephen Lamy, Virtual Forge

Configuring Request Authentication and Authorization

Aguascalientes Local Chapter. Kickoff

5/10/2009. Introduction. The light-saber is a Jedi s weapon not as clumsy or random as a blaster.

CyberP3i Hands-on Lab Series

Security+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems

This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in

"GET /cgi-bin/purchase?itemid=109agfe111;ypcat%20passwd mail 200

WEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang

Sensitive Data Detection

DEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology

Secure coding practices

SQL Injection Attack Lab

The SOAPbox User s Guide

ESORICS September Martin Johns

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

EasyCrypt passes an independent security audit

Web 2.0 Attacks Explained

Web Application Vulnerabilities: OWASP Top 10 Revisited

Dell SonicWALL Secure Mobile Access 8.5. Web Application Firewall Feature Guide

Uniform Resource Locators (URL)

Transcription:

The allows you to create customized data patterns which can be detected and handled according to the configured security settings. The uses regular expressions (regex) to define data type patterns. Custom data types can be defined using regex patterns to implement advanced data type enforcement on input parameters. For guidelines on how to write regular expressions, see Extended Match Syntax. The pattern-match engine recognizes the lexical patterns in text and compares inputs to defined data type patterns. For example, the following is the default regex pattern for a Visa credit card: 4[[:digit:]]{12} 4[[:digit:]]{15} A pattern can also be associated with an algorithm, for example, an algorithm to validate a credit card number can be associated with a credit card pattern. The algorithm runs on all strings matching the regular expression to decide whether they actually conform to this pattern. Internal Patterns The SECURITY > View Internal Patterns page includes Identity Theft Patterns, Attack Types, Input Types, and Parameter Class. Each data type exhibits a unique pattern. These patterns can be bound to a policy or to profiles of an web application to validate the incoming requests. The patterns displayed by default under each pattern group cannot be modified. To create a modified pattern, use the Copy function to copy a pattern, then modify it as required. The copied pattern group can be found on the SECURITY > Libraries page under the corresponding group. You can modify or delete patterns as required, and then apply them to a service security policy. For more information on how to copy a pattern group, refer to Steps to Copy a Pattern Group. The following provides a brief description about the internal patterns. Identity Theft Patterns Identity theft is the loss of personal data resulting in fraud. Disclosure of sensitive information such as credit card numbers, banking information, passwords, or usernames in service communication might enable identity theft. The prevents unauthorized exposure of at risk data. The Identity Theft container includes Credit Cards, Social Security Numbers, and Directory Indexing data types. In addition, customized identity theft patterns can be created and used. For more information, see How to Configure Data Theft Protection. Attack Types An attack is a technique used to exploit vulnerabilities in web applications. Attacks can insert or modify code in requests. If a request contains an attack pattern, it is dropped. The attack data type container includes patterns for identifying Cross-site Scripting, Remote-file Inclusion, SQL Injection, Directory Traversal, and OS Command Injection attacks. In addition customized attack data types can be created and used. Input Types Input data types are used to validate the HTTP request parameters. Inputs come from web forms, applications and Services, custom client applications, or file based records. This validation ensures that the data conforms to the correct syntax, is within length boundaries, and contains only permitted characters or numbers. Requests failing validation are assumed intrusions and are blocked. Input types are defined using reg-ex patterns. Default Input Types including credit cards, numeric, hex-number, alpha, alphanumeric, string, name, and date are 1 / 7

provided. In addition, customized Input Types can be defined and used. Parameter Class Parameter class defines acceptable values for parameters. Parameter classes are bound to Parameter Profiles using SECURITY > Website Profiles > Parameter Profiles and specify validation criteria for parameters in a request. In addition to the internal parameter classes, customized parameter classes can be created and used. Steps to Copy a Pattern Group Do the following to copy a pattern group: 4. 5. 6. From the SECURITY > View Internal Patterns page identify the group you want to copy. Click Copy next to that group. The Copy window appears. In the New Group field, specify a new name for the group and click Paste. Navigate to the SECURITY > Libraries page. The new pattern group appears under the group to which it belongs. Click Edit Pattern to edit a particular pattern. Click Delete to delete a particular pattern. Creating and Using Custom Attack Types The SECURITY > Libraries > Attack Types section allows creation of custom attack data types which, when detected in a request, identify the request as an attack. One or more patterns which define the format of the attack type can be added to each group. Creating a Custom Attack Type Pattern Go to the SECURITY > Libraries > Attack Types section. Enter a name in the New Group text box and click Add. The new attack type group created appears in the Attack Types section. Click Add Pattern next to that group. The Attack Types window appears. Specify values for the following fields: Pattern Name Enter a name for the pattern. Status Set to On if you wish to use this pattern for pattern matching in the responses. Pattern Regex Define the regular expression of the pattern or click the Edit icon to select and insert the pattern. 4. Pattern Algorithm Select the algorithm to be associated with the pattern from the list. 5. Case Sensitive Select Yes if you wish the pattern defined to be treated as case sensitive. 6. Pattern Description Optional. Enter a description for the defined pattern. Example, Visa credit card pattern would indicate the pattern matches a visa credit card. 4. Click Add. Using a Custom Attack Type The added attack type pattern becomes available under Custom Blocked Attack Types on the following pages and sections: SECURITY > Libraries > Custom Parameter Class SECURITY > Website Profiles > URL Profiles SECURITY > Security Policies > URL Protection SECURITY > Security Policies > Parameter Protection The Custom Blocked Attack Types are enabled by default under the SECURITY > Libraries > Custom Parameter Class section and the SECURITY > Website Profiles > URL Profiles section. Whereas in the SECURITY > Security Policies > URL Protection and SECURITY > Security Policies > Parameter 2 / 7

Protection pages you have to manually select the custom attack types. Creating and Using Custom Input Types The includes a collection of predefined and custom input data types, which can be used to validate HTTP Request parameters. Input data types are used to validate that request parameters conform to expected formats. Most attacks can be prevented by properly validating input parameter values against expected input data types. Input Type validation enforces the expected formats rather than trying to identify malicious values. Requests failing validation are identified as intrusions and blocked. Default Input Types including alpha-numeric strings, credit card, date and positive-long-integer are provided. Custom Input Data Types can also be added. The SECURITY > Libraries > Input Types section allows you to create customized input data types. One or more patterns which define the format of the input type can be added to each group. Creating a Custom Input Type Pattern Go to the SECURITY > Libraries > Input Types section. Enter a name in the New Group text box and click Add. The new input type group created appears in the Input Types section. Click Add Pattern next to that group. The Input Types window appears. Specify values for the fields and click Add to save the pattern. Using a Custom Input Type Perform the following steps to use a custom input data type: Go to the SECURITY > Libraries > Custom Parameter Class section. Click Add Custom Parameter Class. The Add Custom Parameter Class window appears. In the Name text box, enter a name for the custom parameter class. 4. Select CUSTOM from the Input Type Validation drop-down list. 5. Select the custom input type you created from the Custom Input Type Validation drop-down list. 6. In the Denied Metacharacters text box, enter the metacharacters or click the Edit icon to select and apply the metacharacters to be denied in this parameter value. 7. Select the required check box(es) of Blocked Attack Types and Custom Blocked Attack Types and click Add. 8. Bind this custom parameter class to a parameter profile. Creating and Using Custom Parameter Class The SECURITY > Libraries > Custom Parameter Class section allows creation of custom parameter classes which enforce expected input formats and block attack formats for request parameters. One or more patterns which define the format of the data type can be added to each group. Bind the custom parameter class to a parameter profile by adding a new parameter profile or editing an existing parameter profile using SECURITY > Website Profiles. Creating a Custom Parameter Class Go to the SECURITY > Libraries > Custom Parameter Class section. Click Add Custom Parameter Class. The Add Custom Parameter Class window appears. Specify values for the following fields: Name Enter a name for the custom parameter class. Input Type Validation Select the expected type of value for the configured parameter on the SECURITY > Website Profiles. Most of the attacks could be prevented by properly validating input parameter values against the expected input. Input Type validation enforces the expected value type as opposed to looking for malicious values. Values of configured parameters are 3 / 7

validated against the specified Input Type and requests with failed validations are detected as intrusions and blocked. Custom Input Type Validation Select the expected custom input data type for the configured parameter. 4. Denied Metacharacters Enter the metacharacters to be denied in the parameter value, or click the Edit icon to select and apply the metacharacters. 5. Blocked Attack Types Select the check box(es) to detect malicious patterns in the configured parameter. An intrusion is detected when the value of the configured parameter matches one of the specified Attack Types and the request is blocked. 6. Custom Blocked Attack Types Select the custom attack type check box(es) to be used to detect the intrusions. Click Add to add the above configuration. Using a Custom Parameter Class Perform the following steps to use a custom parameter class: Go to the SECURITY > Website Profiles page In the Service section, click the Website drop-down list and select the Service for which you wish to add the parameter profile. In the URL Profiles section, select the check box next to the URL profile to which you want to add the Parameter profile. 4. In the Parameter Profiles section, click Add Param. The Create Parameter Profile window appears. 5. In the Parameter Profile Name text box, specify a name for the parameter profile. Ensure the Status is set to On. 6. Select CUSTOM from the Parameter Class drop-down list. 7. Select the custom parameter class you created from the Custom Parameter Class drop-down list and click Add. 8. Now, the parameter profile is used to validate the requests coming for the Service you selected depending on the Mode you configured in the URL profile. For more information on URL and Parameter Profiles. See Configuring Website Profiles. Creating and Using Custom Response Page The SECURITY > Libraries > Response Pages section allows creation of customized HTML response pages for HTTP requests that violate security policies on the. Either Edit an existing default response page or use Add Response Page to add customized response pages that can be shared among multiple Services. Creating a Custom Response Page Go to the SECURITY > Libraries > Response Page section. Click Add Response Page. The Add Response Page window appears. Specify values for the following fields: Response Page Name Enter a name for the response page. Status Code- Enter the HTTP status for the response page. Examples: 403 Forbidden 405 Method Not Allowed 406 Not Acceptable Headers- Enter the response headers for the response page. Examples: Allow What request methods (GET, POST, etc.) does the server support? Content-type Content type of the resource (such as text/html). Connection Options that are specified for a particular connection and must not be communicated by proxies over further connections. 4. Location Where should client go to get document? 4 / 7

5. Refresh How soon should browser ask for an updated page (in seconds)? 4. Body- Enter the response body for the response page. The following macros are supported: %action-id This will be replaced by the attack ID of the violation which resulted in the response page to be displayed. %host This will be replaced by the host header which sent the request. %s This will be replaced by the URL of the request which caused the violation. 4. %client-ip This will be replaced by the Client IP of the request which caused the violation. 5. %attack-time This will be replaced by the time at which the violation occurred. 6. %attack-name This will be replaced by the attack name of the violation which resulted in the response page to be displayed. Click Add to add the new custom page. Example of a custom response: The request from %client-ip at %attack-time for the URL %s cannot be served due to attack %action-id on the host %host. An image can also be embedded in the response page. Here are the steps to do so: Convert the image to base64 using openssl or any other utility. Example: openssl base64 -in barracuda.jpg -out barracuda-jpg.b64 Embed the base64 encoded image into html with the "img" tag. Example: <html><img src="data:image/jpeg;base64,[base64 ENCODED IMAGE] alt="test"/></html> Using a Custom Response Page The added response page is listed under the following pages and sections: SECURITY > Security Policies > Global ACLs > Existing Global ACLs SECURITY > Security Policies > Action Policy > Action Policy SECURITY > Allow/Deny > URL : Allow/Deny Rules Perform the following steps to use a custom response page: Steps to Use a Custom Response Page in the URL : Allow/Deny Rules 4. 5. 6. Go to the SECURITY > Allow/Deny > URL : Allow/Deny Rules section. Click Add next to the Service for which you want to configure the response page. The Create ACL window appears. In the URL ACL Name text box, enter a name for the URL ACL. Select Response Page from the Deny Response drop-down list. Select the response page you created from the Response Page drop-down list. If required change values of other parameter(s) and click Add. Steps to Use a Custom Response Page in the Action Policy Go to the SECURITY > Security Policies > Action Policy > Action Policy section. Click Edit next to the action policy for which you want to add the response page. The Edit Attack Action window appears. Select the response page you created from the Response Page drop-down list, and click Save Changes. Steps to Use a Custom Response Page in the Existing Global ACLs Go to the SECURITY > Security Policies > Global ACLs > Existing Global ACLs section. Click Edit next to the URL ACL for which you want to add the response page. The Edit Global ACL window appears. 5 / 7

Select the response page you created from the Response Page drop-down list, and click Save Changes. 6 / 7

7 / 7

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback