In my April webinar, I showed how you could both attack and defend a vulnerable web application, using Manish Kishan Tanwar’s capture the flag system, “Billu B0x.” In the attack, I chained together exploits against three vulnerabilities: SQL injection, local file inclusion, and a kernel vulnerability. It took all three to get “root” administrative privilege. Once I got root, it was time to put on the defensive white hat, where we had at least four different ways that we could break the attack.
view on-demand webinar
Each of these defenses are things you could do proactively, as hardening measures you take before you even know that you have a vulnerability. Here’s what you could do:
- Use rate-limiting with iptables to break the web scanning that helped the attacker find the vulnerable web pages.
- Use ModSecurity, a free web application firewall, to catch and break the SQL injection attack.
- Use AppArmor to contain the attacker once he compromises the web application.
- Use a best practices iptables egress rule set to break the attacker’s reverse shell.
Jay Beale, co-founder, COO and CTO, InGuardians
Jay Beale has created several defensive security tools, including Bastille Linux/UNIX and the CIS Linux Scoring Tool, both of which were used widely throughout industry and government. He has served as an invited speaker at many industry and government conferences, a columnist for Information Security Magazine, SecurityPortal and SecurityFocus, and a contributor to nine books, including those in his Open Source Security Series and the “Stealing the Network” series. He has led training classes on Linux Hardening and other topics at Black Hat, CanSecWest, RSA, and IDG conferences, as well as in private corporate training. Jay is a co-founder, Chief Operating Officer and CTO of the information security consulting company InGuardians.