[Owasp-Malaysia] How to test mod_security

ApOgEE jerungkun at gmail.com
Sun Sep 5 04:00:26 EDT 2010


Salam,

On Sun, Sep 5, 2010 at 2:29 PM, Muzamir Mokhtar <muzamir at pahang.gov.my> wrote:

> Salam,
>
> I have set up mod_security in my httpd.
> I have used rules from OWASP.
> I have enabled the rules and use the default ruleset.
> I have enabled the audit log.
>
> Question :
> 1) How do I know my mod_security is working properly?
>
Test it using all common attacks that it should be blocking.
http://www.owasp.org/index.php/Category:Attack
http://www.owasp.org/index.php/Testing_for_Cross_site_scripting


> 2) Is there any additional modification I need to do in order to block
> the vulnerable attack such as SQL injection, XSS, spam comment and
> others?
>
Sanitize your input to prevent SQL injection.
http://www.owasp.org/index.php/Guide_to_SQL_Injection




> Please do advise me on this.
>
> --
> Muzamir bin Mokhtar,
> Pegawai Teknologi Maklumat (F44)
> Unit Operasi
> Bahagian Teknologi Maklumat
> Pej SUK Pahang
> TEL : 095129424/425
> FAX : 095163490
> http://muzzoshah.blogspot.com
> http://muzzotechspot.blogspot.com
>



-- 
Best Wishes,

M. Fauzilkamil Zainuddin
----------------------------------------------------
ApOgEE a.k.a JeRuNgKuN
----------------------------------------------------
https://edge.launchpad.net/~apogee - ApOgEE on LaunchPad
http://artofapogee.blogspot.com - Art Of ApOgEE
http://coderstalk.blogspot.com - Coder's Talk
----------------------------------------------------
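
Added example, not part of the original message: after sending test requests, the audit log mentioned in the question shows whether each one was actually blocked. This sketch parses a constructed sample in the ModSecurity 2.x serial audit-log layout (every address, transaction id, rule id and message in it is made up) and lists requests where a rule matched but the request was still served, which is what a detection-only match looks like.

```python
import re

# Constructed sample in ModSecurity 2.x serial audit-log layout (parts A, B, H, Z).
# Addresses, transaction ids, rule ids and messages are made up for this example.
SAMPLE_LOG = """\
--aaaa0001-A--
[05/Sep/2010:15:00:01 +0800] TX0001 192.0.2.10 40001 192.0.2.20 80
--aaaa0001-B--
GET /index.php?q=PROBE-1 HTTP/1.1
--aaaa0001-H--
Message: Access denied with code 403 (phase 2). [id "000001"] [msg "constructed"]
Action: Intercepted (phase 2)
--aaaa0001-Z--
--aaaa0002-A--
[05/Sep/2010:15:00:02 +0800] TX0002 192.0.2.10 40002 192.0.2.20 80
--aaaa0002-B--
GET /index.php?q=PROBE-2 HTTP/1.1
--aaaa0002-H--
Message: Warning. [id "000002"] [msg "constructed"]
--aaaa0002-Z--
"""

BOUNDARY = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$")


def parse_audit_log(text):
    """Return one dict per transaction: request line, matched rule ids, blocked or not."""
    entries, cur, part = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if m:
            part = m.group(2)
            if part == "A":  # part A opens a new transaction
                cur = {"request": None, "rule_ids": [], "intercepted": False}
                entries.append(cur)
        elif cur is None or not line.strip():
            continue
        elif part == "B" and cur["request"] is None:
            cur["request"] = line  # first line of part B is the request line
        elif part == "H" and line.startswith("Message:"):
            cur["rule_ids"] += re.findall(r'\[id "(\d+)"\]', line)
        elif part == "H" and line.startswith("Action: Intercepted"):
            cur["intercepted"] = True
    return entries


def logged_but_not_blocked(entries):
    """Requests where a rule matched but the request was still served."""
    return [e["request"] for e in entries if e["rule_ids"] and not e["intercepted"]]
```

A non-empty result from `logged_but_not_blocked` usually means the rule engine is logging without enforcing, so the `SecRuleEngine` setting is the first thing to check.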