ISACA LA Lab Supplement

Full Class Deck – https://www.petermorin.com/wp-content/uploads/2021/04/ISACA-LA-Workshop-2021_Draft_final.pdf

 

Lab exercises PowerPoint deckhttps://www.petermorin.com/wp-content/uploads/2021/04/labDeck.pdf

 

Lab #14 – Example Mod_Security Rules

# default action when matching rules
SecDefaultAction “phase:2,deny,log,status:406”

# [etc/passwd] is included in request URI
SecRule REQUEST_URI “etc/passwd” “id:’500001′”

# [../] is included in request URI
SecRule REQUEST_URI “\.\./” “id:’500002′”

# [<SCRIPT] is included in arguments
SecRule ARGS “<[Ss][Cc][Rr][Ii][Pp][Tt]” “id:’500003′”

# [SELECT FROM] is included in arguments
SecRule ARGS “[Ss][Ee][Ll][Ee][Cc][Tt][[:space:]]+[Ff][Rr][Oo][Mm]” “id:’500004′”

Comments are closed.