For many years ModSecurity was a number one free open source web application firewall for the Apache web server. At this year's BlackHat we would like to announce that right now ModSecurity is also available for IIS and nginx servers, making it a first free cross-platform WAF for on-line services. Using MSRC response process and CVE-2011-3414 as an example, we will show how ModSecurity can be used in early detection of attacks and mitigation of vulnerabilities affecting web infrastructure. We will also show how OWASP ModSecurity Core Rule Set can be used as a base for detection of 0-day attacks on Apache, IIS and nginx servers.
Greg Wroblewski, PhD, CISSP, is a senior security researcher at Microsoft's Trustworthy Computing Security group. Over the last 8 years he worked in many areas of security response, presenting part of his work at BlackHat 2007. At Microsoft he focuses on security problems in on-line services, detection of attacks and pentesting. In the past he was responsible for the technical side of patches in over 50 Patch Tuesday bulletins as well as hardening products like Windows and Office 2007. Recently he lead development effort to port ModSecurity module to IIS and nginx servers.
Ryan Barnett joined SpiderLabs after a decade in computer security. As Research -Surveillance Team Leader, he leads the SpiderLab team which specializes in application defense. This includes SPAM filtering, network IDS/IPS and web application firewalls. His main area of expertise is in application defense research. Barnett is renowned in the industry for his unique expertise. He has serves as the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set Project Leader and Project Contributor on the OWASP Top Ten and AppSensor Projects. He is a Web Application Security Consortium (WASC) Board Member and Project Leader for the Web Hacking Incident Database (WHID) and the Distributed Web Honeypot Projects. He is also a Certified Instructor at the SANS Institute. Barnett is regularly consulted by industry news outlets like Dark Reading, SC Magazine and Information Week. He is the author of Preventing Web Attacks with Apache (Addison-Wesley Professional, 2006.) Key industry events he has addressed include Blackhat, SANS AppSec Summit and the OWASP Global Summit.