Podcasts about ModSecurity

14 podcasts, 21 episodes, 33 min average duration, infrequent episodes; latest episode Mar 3, 2025

Latest podcast episodes about ModSecurity

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass
Mar 3, 2025 (7:08)

Common Crawl includes Common Leaks: The "Common Crawl" dataset, a large dataset created by spidering websites, contains, as expected, many API keys and other secrets. This data is often used to train large language models. https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data

GitHub Repositories Exposed by Copilot: As is well known, GitHub's Copilot uses data from public GitHub repositories to train its model. However, it appears that repositories that were briefly left open and later made private have been included as well, allowing Copilot users to retrieve files from these repositories. https://www.lasso.security/blog/lasso-major-vulnerability-in-microsoft-copilot

MITRE Caldera Framework Allows Unauthenticated Code Execution: The MITRE Caldera adversary emulation framework allows unauthenticated code execution by allowing attackers to specify compiler options. https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e

modsecurity Rule Bypass: Attackers may bypass the modsecurity web application firewall by prepending encoded characters with 0. https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j

Open Source Security Podcast
Episode 411 - The security tools that started it all
Jan 15, 2024 (29:27)

Josh and Kurt talk about a grab bag of old technologies that defined the security industry. Technology like SELinux, SSH, Snort, ModSecurity and more all started with humble beginnings, and many of them created new security industries.

Show Notes: SELinux, AppArmor, SSH, ModSecurity, Snort, Nmap, Nessus, What comes after open source

To The Point - Cybersecurity
ModSecurity and the Impending Swiss Cyber Storm with Christian Folini
Oct 4, 2022 (49:51)

Joining us this week is Christian Folini (@chrfolini), co-lead of the OWASP Core Rule Set project, co-author of the second edition of the ModSecurity Handbook and one of the few teachers on this subject. And he brings a first to the podcast: a discussion on ModSecurity and the OWASP project! For those that are new to these topics, Christian shares many insights on the OWASP volunteer organization's mission and how it serves as the first line of defense against web application attacks. Many may not know that 70% of attacks are carried out at the web application level. He also shares perspective on the end-of-life support for the Trustwave ModSecurity Engine and what that means for the open-source community, along with details of the upcoming Swiss Cyber Storm event in October, of which he is a program chair. It's going to be an awesome event you won't want to miss! Learn more here: https://www.swisscyberstorm.com/

Christian Folini, author of the ModSecurity Handbook 2ed, OWASP Core Rule Set project co-lead and program chair of Swiss Cyber Storm. Christian Folini brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian is the author of the second edition of the ModSecurity Handbook and one of the few teachers on this subject. He is a co-lead of the OWASP ModSecurity Core Rule Set project. Christian serves as vice president of the Swiss federal public-private partnership "Swiss Cyber Experts" and as the program chair of the "Swiss Cyber Storm" conference. He is also a frequent speaker at national and international conferences, where he tries to use his background in the humanities to explain hardcore technical topics to various audiences.

For links and resources discussed in this episode, please visit our show notes at https://www.forcepoint.com/govpodcast/e201

Day[0] - Zero Days for Day Zero
[bounty] Web3 Universal XSS, Breaking BitBucket, and WAF Bypasses
Sep 27, 2022 (45:17)

Discussion this week around Chrome's Sanitizer API, bypassing firewalls with webhooks and 0days (ModSecurity bypass), and a pre-auth BitBucket RCE. Links and summaries are available at https://dayzerosec.com/podcast/153.html
[00:00:00] Introduction
[00:00:31] Exploiting Web3's Hidden Attack Surface: Universal XSS on Netlify's Next.js Library
[00:10:31] Breaking Bitbucket: Pre Auth Remote Command Execution [CVE-2022-36804]
[00:16:25] [Chrome] Sanitizer API bypass via prototype pollution
[00:23:02] How we Abused Repository Webhooks to Access Internal CI Systems at Scale
[00:35:03] WAF bypasses via 0days
[00:42:40] Cloning internal Google repos for fun and… info?
[00:43:19] How to turn security research into profit: a CL.0 case study

SecTools Podcast Series
SecTools Podcast E40 With Christian Folini
Jul 15, 2022 (31:23)

Christian Folini is a Swiss security engineer and web application firewall expert working at netnea.com. Christian studied History and Computer Science and graduated with a PhD in Medieval History. He is the author of the ModSecurity Handbook (2ed). He also co-leads the OWASP ModSecurity Core Rule Set (CRS) project, which runs on millions of servers globally. Furthermore, he serves as the program chair of the Swiss Cyber Storm conference. Christian also teaches ModSecurity and Core Rule Set courses and consults for companies who want to integrate ModSecurity and the Core Rule Set into their services or products, also in high security setups. For more SecTools podcast episodes, visit https://infoseccampus.com

BlogAid Podcast
Tips Tuesday – Faster Sites Rank Better, Pivot How You Make Money, Hooked on TikTok
Oct 5, 2021 (32:28)

Tips this week include:
• Why I'm officially hooked on TikTok now
• Facebook was down on Monday, and how I found out about it
• Help with finding great video courses to vet
• The ModSecurity issues and alternatives we are looking into
• Updates coming to the Webmaster Training tutorials
• Host control panel differences and how I'll be dealing with them for new tutorials
• What's up with the host server setup issues all over the place
• More expansion of the Bad SEO bot block tests and implementation
• What we're discussing and supporting in our BB Hub Facebook group
• Proof that faster sites do indeed rank better
• Why I've lost faith in Google Search Console
• A peek into our future and why it's time to pivot how you make money

BlogAid Podcast
Tips Tuesday – Theme Speed Tests, WP 5.7 Features, SiteGround Caching, Divi Security Issue
Mar 2, 2021 (22:06)

Tips this week include:
• Site and page SEO Workshop this week
• Odd stuff still happening on sites and hosting
• Video SEO course update
• Theme testing update and the one we dropped from our list
• The perfect course for designers who need to know more about speed
• What I'm testing in the WP 5.7 Release Candidate this week
• Gutenberg changes coming to WP 5.7
• Why SiteGround turned on Super Cacher for every account, and how to turn it off
• Ready to move to better hosting? Get your request in now
• Divi theme has ModSecurity issues and why my head blew up with their support replies
• Why not to let any host, theme, or plugin compromise your site security
• How to monetize your expertise and why you should

BlogAid Podcast
Tips Tuesday – SEO Rank Tracking, Video SEO, Hack Attacks, Gutenberg Speed
Feb 2, 2021 (26:04)

Tips this week include:
• DIY SEO Workshop for Tracking SEO Performance is this week
• The Video SEO course creation is underway
• BlogAid's phoenix journey and the big changes I'm making and why
• What hosts have to do to protect against sophisticated hack attacks and how it impacts speed
• ModSecurity is blocking certain words
• More Full Site Editing features are coming in WP 5.7
• The plan for Full Site Editing to be a reality by the WP 5.8 release
• Why WP had to draw a line in the sand with plugins controlling their own updates
• Mediavine's take on Web Stories
• How Gutenberg's faster performance is eroding page builder dominance
• Where to get real-world, up-to-date tutorials for Gutenberg

BlogAid Podcast
Tips Tuesday – Auto Updates in WordPress Toolkit and WP 5.6, Grow License Check, ModSecurity Settings
Dec 15, 2020 (17:33)

Tips this week include:
• No checkbox to turn off auto updates in WP 5.6
• State of the Word address this week on Dec 17
• Why you need to check your Grow Social Pro license
• Why I'm so happy with the new GTMetrix tester
• Why Google PageSpeed Insights is not an accurate tester
• Where Google gets its speed data about your site
• Update on Genesis Full Site Editing
• BlogAid holiday schedule
• Update on meeting with my video SEO clients for more testing
• What to do if you can't see edits in preview
• A final word on getting errors when saving UpdraftPlus settings
• Why not to run end around your host security settings
• Why hosts are removing the WordPress Toolkit app in cPanel and what you need to check for

BlogAid Podcast
Tips Tuesday – Gutenberg Webinar, WordPress 5.6, PHP Updates, ModSecurity and UpdraftPlus
Dec 1, 2020 (14:25)

Tips this week include:
• BlogAid Holiday Sales are still running
• Free Gutenberg Webinar this Thursday, Dec 3 and everyone is welcome to attend live
• New tutorial for Atomic Blocks to Genesis Blocks Migration
• Update on the BlogAid SEO issue
• Why not to be a Yoast hater here
• WordPress 5.6 releases on Dec 8 and why we won't be updating right away
• Who will get my special update instructions for WP 5.6
• When the new Gutenberg Ninja tutorials with the WP 5.6 features will be released
• Has SiteGround moved you to the new custom control panel?
• ModSecurity at our hosting has tightened the rule set
• The issue with UpdraftPlus that ModSecurity change made happen
• A blip of a security issue with cPanel
• Why you need separate accounts for hosting, domain, and email
• Why you need to upgrade to PHP 7.4 right now
• Why we won't be using PHP 8.0 yet

Day[0] - Zero Days for Day Zero
Bhyves and Evil LEDs (+Roulette)
Sep 22, 2020 (99:25)

A "trivial" Bhyve VM escape, a BitWarden "RCE", a ModSecurity "Denial of Service" and more scare quotes for your enjoyment in this week's episode.
[00:00:33] Patient Dies After Ransomware Attack
[00:08:05] Zerologon [CVE-2020-1472]
[00:14:29] BitWarden Blind HTTP GET SSRF https://github.com/bitwarden/server/pull/812/commits/f094b76b6638932b13bb5ed2d9295185c54ce332 https://github.com/bitwarden/desktop/issues/552
[00:23:40] Apache + PHP under v7.4.10 open_basedir bypass
[00:29:59] ModSecurity v3 Affected By DoS (Severity HIGH) [CVE-2020-15598]
[00:38:09] Bhyve VM Escape https://bsdsec.net/articles/freebsd-announce-freebsd-security-advisory-freebsd-sa-20-29-bhyve_svm
[00:42:59] Webkit aboutBlankURL() code execution vulnerability
[00:48:28] CVE-2020-9964 - An iOS infoleak
[00:51:44] Online Casino Roulette - A guideline for pen testers
[00:56:40] Light Can Hack Your Face! Black-box Backdoor Attack on Face Recognition
[01:03:06] UniFuzz: Optimizing Distributed Fuzzing via Dynamic Centralized Task Scheduling
[01:12:07] FANS: Fuzzing Android Native System Services via Automated Interface Analysis https://github.com/iromise/fans
[01:19:52] OneFuzz framework, an open source developer tool to find and fix bugs at scale https://github.com/microsoft/onefuzz
[01:28:35] Finding Australian Prime Minister Tony Abbott's passport number
[01:34:08] ARM64 Reversing and Exploitation
[01:37:25] Hypervisor Exploitation Compiled Research List
Watch the DAY[0] podcast live on Twitch (@dayzerosec) every Monday afternoon at 12:00pm PST (3:00pm EST), or the video archive on YouTube (@DAY[0]).

Think Like a Hacker with Wordfence
Episode 87: Vulnerabilities Affect Discount Rules for WooCommerce Plugin, ModSecurity & Windows
Sep 18, 2020 (9:35)

Vulnerabilities were recently patched in the Discount Rules for WooCommerce plugin installed on over 40,000 WordPress sites. Developers from OWASP Core Rule Set said ModSecurity v3 is exposed to denial of service exploits, though the maintainers of ModSecurity reject that claim. A severe vulnerability called Zerologon in Windows Netlogon was patched in August; this bug could be exploited to attack enterprise servers. And a security researcher also discovered that the Windows TCPIP Finger command can also function as a file downloader and a makeshift command and control server. Last weekend, nearly 2,000 Magento stores were compromised in the largest hacking campaign since 2015.

BlogAid Podcast
Tips Tuesday – ModSecurity, Add Google Analytics, Image SEO, GSC Reports
Mar 17, 2020 (9:28)

Tips this week include:
• A new post on what ModSecurity is and why you don't want to turn it off permanently even if your host tells you to
• A new post on how to add Google Analytics and other script code directly to your site
• A new post on how to fix ModSecurity related errors when you try to add that script code
• The change of date for Part 2 of the Image SEO live workshop
• The new SEO workshops on the way for keywords and ranking
• A status update on the new clients I'm currently onboarding for site service work
• An opportunity for a Blab-like chat for those who are working from home now
• A surprise, and last minute addition to WP 5.4
• Serious improvement to downloading Google Search Console reports

Application Security PodCast
CRS and an Abstraction Layer (S04E02)
Aug 7, 2018 (25:22)

Christian Folini joins Chris at AppSec EU for this episode about ModSecurity and the Core Rule Set project from OWASP. They dive into the timeline for the abstraction layer piece of the project and much more. You can find Christian on Twitter @ChrFolini.

Links: OWASP ModSecurity Core Rule Set; ModSecurity

Linux Security Podcast
What is a WAF and How Are They Different from Traditional Firewalls - Linux Security Podcast Ep. 5
May 10, 2018 (10:44)

Web application firewalls (WAF) are a specialized form of firewall designed to protect applications from internet-based attacks. Firewalls must be lightweight to ensure people can quickly get onto the internet and data can be returned, but WAFs are much more sophisticated. They need to interact with data coming from the web server and the user and analyze it in ways that a traditional firewall cannot. A WAF is an application itself. Atomicorp CEO and long-time ModSecurity contributor Mike Shinn talks about these differences, good and bad WAF attributes, software-based WAFs, the role of rules in making a WAF effective and the origin of the open source WAF ModSecurity.
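The "role of rules" this episode discusses, and the reason rule bypasses like the modsecurity item in the SANS Stormcast entry above keep appearing, come down to one mechanism: a rule is a chain of transformations applied to each input, followed by an operator (usually a regex) on the result, and the WAF only sees what its own transformations produce. The Python sketch below is an added example, not code from the podcast, from Atomicorp or from the ModSecurity project. It models two ModSecurity-style rules, shows a generic double-URL-encoding bypass of the first one (the specific advisory linked in the Stormcast notes is not reproduced here; its details are in the advisory), and shows a second rule that closes the gap by refusing arguments that still carry percent-encoded bytes after one decoding pass. Rule ids 1000 and 1001, the transformation subset and the request values are all constructed for the example.

```python
import re
import urllib.parse

# Minimal model of a ModSecurity-style rule: a chain of transformations
# applied to each argument value, then a regex operator on the result.
class Rule:
    def __init__(self, rule_id, pattern, transforms):
        self.rule_id = rule_id
        self.pattern = re.compile(pattern, re.IGNORECASE)
        self.transforms = transforms

def t_url_decode(value):
    # One pass of percent decoding, as the t:urlDecode transformation does.
    return urllib.parse.unquote(value)

def t_lowercase(value):
    return value.lower()

# Only the two transformations this example needs (assumption: a subset of
# what a real engine offers).
TRANSFORMS = {"urlDecode": t_url_decode, "lowercase": t_lowercase}

def apply_transforms(value, names):
    for name in names:
        value = TRANSFORMS[name](value)
    return value

def matches(rule, raw_args):
    """Names of the arguments the rule fires on. raw_args holds values as they
    appear on the wire (still percent-encoded), i.e. before any transformation."""
    return [name for name, raw in raw_args.items()
            if rule.pattern.search(apply_transforms(raw, rule.transforms))]

def is_blocked(rules, raw_args):
    return any(matches(rule, raw_args) for rule in rules)

# Rule 1000 (hypothetical id): UNION-based SQL injection in any argument.
SQLI_RULE = Rule(1000, r"union\s+select", ["urlDecode", "lowercase"])

# Rule 1001 (hypothetical id): an argument that still contains a percent-encoded
# byte after one decoding pass was double-encoded by the client. Reject it
# instead of guessing how many times the backend will decode it.
DOUBLE_ENC_RULE = Rule(1001, r"%[0-9a-f]{2}", ["urlDecode"])

def backend_decode(raw):
    # A backend that decodes the value a second time after the web server
    # already decoded it once. The SQL layer sees this string, not the one
    # the WAF inspected.
    return urllib.parse.unquote(urllib.parse.unquote(raw))

# Constructed requests, not captured traffic.
PLAIN = {"id": "1%20UNION%20SELECT%20password%20FROM%20users"}
DOUBLE_ENCODED = {"id": "1%2520UNION%2520SELECT%2520password%2520FROM%2520users"}

if __name__ == "__main__":
    for label, args in (("plain", PLAIN), ("double-encoded", DOUBLE_ENCODED)):
        print(label,
              "| rule 1000 fires:", bool(matches(SQLI_RULE, args)),
              "| blocked with rule 1001 too:", is_blocked([SQLI_RULE, DOUBLE_ENC_RULE], args),
              "| backend sees:", backend_decode(args["id"]))
```

Running it shows rule 1000 catching the plainly encoded payload and missing the double-encoded one, while the backend decodes both to the same `UNION SELECT` statement; rule 1001 blocks the second request on its own. The trade-off a practitioner has to accept is that rule 1001 also rejects any legitimate value that happens to contain a literal percent sign followed by two hex digits, which is why such rules are normally scoped to the parameters that should never carry them.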

Application Security PodCast
ModSecurity and #AppSec (S02E19) – Application Security PodCast
Oct 17, 2017

On this week's episode of the #AppSec Podcast, Robert and Chris are joined by Tin Zaw, an advocate for ModSecurity. He dives into its background, the use of rules, and the many advantages. Rate us on iTunes and provide a positive comment, please!

Brakeing Down Security Podcast
2017-023-Jay_Beale_Securing Linux-LXC-Selinux-Apparmor-Jails_and_more
Jul 10, 2017 (69:44)

Direct Link: http://traffic.libsyn.com/brakeingsecurity/2017-023-Jay_Beale-selinux-apparmor-securing_lxc.mp3

Jay Beale works for a pentest firm called "Inguardians", and has always been a fierce friend of the show. He's running a class at both BlackHat and Defcon all about hardening various parts of the Linux OS. This week, we discuss some of the concepts he teaches in the class. Why do we disable SELinux? Is it as difficult to enable as everyone believes? What benefit do we get from using it? We also discuss other hardening applications, like ModSecurity for Apache, Suhosin for PHP, and Linux Containers (LXC). What is gained by using these, and how can we use them to our advantage? Really great discussion with Jay, and please sign up for his class for a two-day in-depth discussion of all the technologies discussed on the show.

Jay Beale's class "Aikido on the Command Line: Hardening and Containment", July 22-23 and July 24-25 at BlackHat and Defcon: https://www.blackhat.com/us-17/training/aikido-on-the-command-line-linux-hardening-and-containment.html

Brakesec also announces our "PowerShell for Blue Teamers and Incident Responders" with Mick Douglas (@bettersafetynet). A 6-week course starting with the basics of PowerShell, going on to discuss frameworks that use PowerShell to assist in assessing your network. It starts on 10 July and runs each Monday evening until 14 August 2017. You'll receive a certificate suitable for CPE credit, as well as the videos of the class, available to you on our YouTube channel. To sign up, go to our Patreon page (http://www.patreon.com/bds_podcast) and sign up at the $20 USD level labeled "Blue Team Powershell - Attendee". If you are looking to just get the videos and follow along in class, pick the $10 USD "Blue Team Powershell - Attendee- Videos Only". Classes will be held on Monday evenings only for 5 weeks, ending on 1 August.

Show Notes:
• AppArmor
• SELinux
• Privilege Escalation - InGuardians Murderboard
• Port Knocking (Single Packet Authorization)
• OSSEC
• ModSecurity
• Linux Containers
• Jess Frazelle - bane
• Dan Walsh - SELinux
• SELinux troubleshoot daemon
• https://en.wikipedia.org/wiki/System_call: "In computing, a system call is the programmatic way in which a computer program requests a service from the kernel of the operating system it is executed on. This may include hardware-related services (for example, accessing a hard disk drive), creation and execution of new processes, and communication with integral kernel services such as process scheduling. System calls provide an essential interface between a process and the operating system."
• OpenBSD pledge(2): https://man.openbsd.org/pledge.2
• https://www.raspberrypi.org/products/raspberry-pi-2-model-b/
• Suhosin
• https://www.blackhat.com/us-17/training/aikido-on-the-command-line-linux-hardening-and-containment.html
• @inguardians @jaybeale www.inguardians.com

What are you doing at Black Hat and Def Con?
• Training class at Black Hat - 2 days
• Def Con Workshop - ModSecurity and AppArmor - 4 hours
• Packet Hacking Village Workshop - Container security
• Vapor Trail at Def Con Labs (Larry and Galen)
• Dancing my butt off?

DevSecOps Podcast Series
Less than 10 Minutes Series - ModSecurity Core Rule Set Project
May 12, 2017 (8:01)

This segment of the "Less than 10 Minutes" series was recorded live at AppSec EU 2017 in Belfast. It is an update of the ModSecurity Core Rule Set Project with project co-lead Christian Folini. The OWASP ModSecurity CRS Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application. The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.

Visual Studio Talk Show
0198 - Joel Hébert - ModSecurity and IIS
Aug 5, 2016 (41:39)

We talk with Joel Hébert about his experience with ModSecurity and IIS. ModSecurity is a web application firewall that adds security functions to the Apache HTTP server, IIS and Nginx. It is free software distributed under the Apache 2.0 license. Joel Hébert is a software architect living in Ottawa. He is passionate about security and architecture. He is an ASP.NET MVP and one of the leaders of the Ottawa user group. He enjoys sharing his knowledge of hacking, penetration testing and continuous auditing of modern security attack vectors.

Links: ModSecurity; Book: Web Application Defender's Cookbook: Battling Hackers and Protecting Users; Troy Hunt's website: Have I Been Pwned?

Black Hat Briefings, USA 2007 [Video] Presentations from the security conference.
Damiano Bolzoni & Emmanuel Zambon: Sphinx: an anomaly-based Web Intrusion Detection System
Jan 9, 2006 (63:39)

We present Sphinx, a new fully anomaly-based Web Intrusion Detection System (WIDS). Sphinx has been implemented as an Apache module (like ModSecurity, the most deployed Web Application Firewall), and can therefore deal with SSL and POST data. Our system uses different techniques at the same time to improve detection and false positive rates. Being anomaly-based, Sphinx needs a training phase before real detection can start: during training, Sphinx "learns" automatically the type of each parameter inside user requests and applies the most suitable model to detect attacks. We define 3 basic types: numerical, short and long texts. The idea behind this is that, e.g., if we observe only integer values and later some text, that is likely to be an attack (e.g. SQL Injection or XSS). For numerical parameters, a type checker is applied. For short texts (text with fixed length or slight variations), Sphinx uses a grammar checker: grammars are built by observing the parameter content (during the training phase) and then used to check the similarity of new content during detection. Long texts are typically e-mail/forum messages, which often change their length and would produce infeasible grammars. For this kind of content we use a modified version of our NIDS POSEIDON, using n-gram analysis. Furthermore, Sphinx can actively support the deployment of WAFs like ModSecurity: e.g. if we are deploying an ad hoc web application, most probably we need to spend a lot of time writing signatures (or when third parties' software is used). Once Sphinx has completed the training phase, it can automatically generate ModSecurity-style signatures for numerical and (some) short-text parameters, making deployment much easier.
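The learn-then-detect scheme in the abstract is concrete enough to sketch. The Python below is an added example, not code from the Sphinx authors, from the talk or from ModSecurity: it classifies each parameter from training requests as numerical, short text or long text, applies a type check, a crude "grammar" (observed character classes plus length range) or a bigram profile respectively, flags anomalous parameters in new requests, and emits ModSecurity-style signatures for the numerical and simple short-text parameters, as the abstract says Sphinx does. The 32-character short/long split, the two characters of length slack, the 30% unseen-bigram threshold, the rule ids starting at 100000, the treatment of never-seen parameters as anomalous and the training traffic are all assumptions made for the example; real n-gram models are considerably more careful than a bigram set.

```python
import re
from collections import Counter

NUMERIC_RE = re.compile(r"^-?[0-9]+$")
SHORT_MAX_LEN = 32          # assumption: longest value still treated as "short text"
LENGTH_SLACK = 2            # assumption: allowed growth over the longest training value
UNSEEN_BIGRAM_RATIO = 0.3   # assumption: long text is anomalous above this ratio

def char_class(c):
    # Letters, digits and whitespace collapse to one class each; every other
    # character (quotes, angle brackets, ...) is a class of its own.
    if c.isalpha():
        return "a"
    if c.isdigit():
        return "d"
    if c.isspace():
        return "s"
    return c

CLASS_RE = {"a": "A-Za-z", "d": "0-9", "s": r"\s"}

def bigrams(s):
    return [s[i:i + 2] for i in range(len(s) - 1)]

class ParamModel:
    """Model for one request parameter, chosen from its training values."""
    def __init__(self, name, values):
        self.name = name
        self.min_len = min(len(v) for v in values)
        self.max_len = max(len(v) for v in values)
        if all(NUMERIC_RE.match(v) for v in values):
            self.kind = "numeric"
        elif self.max_len <= SHORT_MAX_LEN:
            self.kind = "short"
            # The "grammar" is approximated by the character classes observed.
            self.classes = {char_class(c) for v in values for c in v}
        else:
            self.kind = "long"
            # n-gram profile in the spirit of POSEIDON, reduced to bigrams.
            self.bigrams = Counter(g for v in values for g in bigrams(v))

    def is_anomalous(self, value):
        if self.kind == "numeric":
            return NUMERIC_RE.match(value) is None
        if self.kind == "short":
            length_ok = self.min_len <= len(value) <= self.max_len + LENGTH_SLACK
            return not length_ok or any(char_class(c) not in self.classes for c in value)
        grams = bigrams(value)
        if not grams:
            return False
        unseen = sum(1 for g in grams if g not in self.bigrams)
        return unseen / len(grams) > UNSEEN_BIGRAM_RATIO

    def signature(self, rule_id):
        """ModSecurity-style rule for numeric and simple short-text parameters;
        None for anything the learned model cannot express as one regex."""
        if self.kind == "numeric":
            pattern = "^-?[0-9]+$"
        elif self.kind == "short" and self.classes <= set(CLASS_RE):
            body = "".join(CLASS_RE[k] for k in sorted(self.classes))
            pattern = f"^[{body}]{{{self.min_len},{self.max_len + LENGTH_SLACK}}}$"
        else:
            return None
        return (f'SecRule ARGS:{self.name} "!@rx {pattern}" '
                f"\"id:{rule_id},phase:2,deny,log,msg:'learned type check for {self.name}'\"")

def train(requests):
    """requests: list of {param: value} dicts seen during the training phase."""
    by_name = {}
    for req in requests:
        for name, value in req.items():
            by_name.setdefault(name, []).append(value)
    return {name: ParamModel(name, values) for name, values in by_name.items()}

def detect(models, request):
    """Sorted names of anomalous parameters; a parameter never seen in training counts too."""
    return sorted(name for name, value in request.items()
                  if name not in models or models[name].is_anomalous(value))

def generate_signatures(models, base_id=100000):
    rules = []
    for i, name in enumerate(sorted(models)):
        rule = models[name].signature(base_id + i)
        if rule:
            rules.append(rule)
    return rules

# Constructed training traffic for a toy forum endpoint (not real captures).
TRAINING = [
    {"id": "17", "user": "alice", "comment": "thanks for the post, this helped me a lot with the setup"},
    {"id": "42", "user": "bob", "comment": "great write up, looking forward to the next part of the series"},
    {"id": "7", "user": "carol", "comment": "could you add an example for nginx as well? thanks in advance"},
]
MODELS = train(TRAINING)

if __name__ == "__main__":
    print(detect(MODELS, {"id": "17 OR 1=1", "user": "bob", "comment": "thanks for the post"}))
    print(detect(MODELS, {"id": "99", "user": "<script>alert(1)</script>",
                          "comment": "x' UNION SELECT password FROM users--"}))
    print("\n".join(generate_signatures(MODELS)))
```

The generated rules cover exactly the cases the abstract claims: `id` becomes an integer check and `user` a bounded alphabetic pattern, while `comment` gets no signature because a learned bigram profile has no single-regex equivalent and would have to stay with the anomaly engine. In practice the training set must be clean; anything that slips into the training phase is learned as normal.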

Black Hat Briefings, USA 2007 [Audio] Presentations from the security conference.
Damiano Bolzoni & Emmanuel Zambon: Sphinx: an anomaly-based Web Intrusion Detection System
Jan 9, 2006 (63:39)

Audio release of the presentation above; the abstract is identical.