[Owasp-Malaysia] How to test mod_security

hanif at um.edu.my
Sun Sep 5 04:08:02 EDT 2010


Salam..

Is a grade 44 officer doing this kind of work? Wow.. if only the grade 44
officers at my workplace did the same, that would be great.. it would lighten
the load a little for us junior staff :D

Congratulations... keep up the effort :D

Quoting ApOgEE <jerungkun at gmail.com> on Sun, 5 Sep 2010 16:00:26
+0800:
Salam,

On Sun, Sep 5, 2010 at 2:29 PM, Muzamir Mokhtar
<muzamir at pahang.gov.my> wrote:
Salam,

I have set up mod_security in my httpd.
I have used rules from OWASP.
I have enabled the rules and use the default ruleset.
I have enabled the audit log.

Question:
1) How do I know my mod_security is working properly?

  Test it using all common attacks that it should be blocking.
  http://www.owasp.org/index.php/Category:Attack
  http://www.owasp.org/index.php/Testing_for_Cross_site_scripting

2) Is there any additional modification I need to do in order to block
the vulnerable attacks such as SQL injection, XSS, spam comments and
others?

  Sanitize your input to prevent SQL injection.
  http://www.owasp.org/index.php/Guide_to_SQL_Injection

Please do advise me on this.

--
Muzamir bin Mokhtar,
Pegawai Teknologi Maklumat (F44)
Unit Operasi
Bahagian Teknologi Maklumat
Pej SUK Pahang
TEL : 095129424/425
FAX : 095163490
http://muzzoshah.blogspot.com
http://muzzotechspot.blogspot.com


-- 
Best Wishes,

M. Fauzilkamil Zainuddin
----------------------------------------------------
ApOgEE a.k.a JeRuNgKuN
----------------------------------------------------
https://edge.launchpad.net/~apogee - ApOgEE on LaunchPad
http://artofapogee.blogspot.com - Art Of ApOgEE
http://coderstalk.blogspot.com - Coder's Talk
----------------------------------------------------
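
One way to answer question 1 from the audit log the poster already enabled, as an added example that is not part of the original thread: after sending test requests tagged with a marker parameter, classify each one as blocked, logged only, unmatched, or absent from the log. The `waftest` parameter, the function name, the rule ids and the sample log are assumptions constructed for illustration; the sample follows the ModSecurity 2.x serial audit log layout.

```python
import re

# Constructed ModSecurity 2.x serial audit log. Ids, hosts, request values and
# the "waftest" marker parameter are placeholders, not values from the thread.
SAMPLE_LOG = """\
--a1b2c3d4-A--
[05/Sep/2010:15:01:02 +0800] CONSTRUCTEDTXNID00000001 192.0.2.10 40001 192.0.2.20 80
--a1b2c3d4-B--
GET /index.php?id=PLACEHOLDER&waftest=sqli-1 HTTP/1.1
Host: waf-test.example
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). Pattern match "..." at ARGS:id. [id "900001"] [msg "placeholder SQLi rule"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
--e5f6a7b8-A--
[05/Sep/2010:15:01:03 +0800] CONSTRUCTEDTXNID00000002 192.0.2.10 40002 192.0.2.20 80
--e5f6a7b8-B--
GET /search.php?q=PLACEHOLDER&waftest=xss-1 HTTP/1.1
Host: waf-test.example
--e5f6a7b8-H--
Message: Warning. Pattern match "..." at ARGS:q. [id "900002"] [msg "placeholder XSS rule"]
--e5f6a7b8-Z--
"""

PART = re.compile(r"^--([0-9a-fA-F]+)-([A-Z])--$", re.M)

def verdicts(log_text, expected_markers):
    """Map each marker to (state, rule ids): blocked, logged-only, no-match or missing."""
    sections = {}                      # boundary id -> {part letter: text}
    pieces = PART.split(log_text)      # ['', id, letter, body, id, letter, body, ...]
    for txn, letter, body in zip(pieces[1::3], pieces[2::3], pieces[3::3]):
        sections.setdefault(txn, {})[letter] = body
    result = {m: ("missing", []) for m in expected_markers}
    for parts in sections.values():
        found = re.search(r"[?&]waftest=([\w-]+)", parts.get("B", ""))
        if not found or found.group(1) not in result:
            continue
        trailer = parts.get("H", "")
        ids = re.findall(r'\[id "(\d+)"\]', trailer)
        # "Action: Intercepted" appears only when the engine actually blocked;
        # with SecRuleEngine DetectionOnly rules match but only log a Warning.
        blocked = "Action: Intercepted" in trailer
        state = "blocked" if blocked else ("logged-only" if ids else "no-match")
        result[found.group(1)] = (state, ids)
    return result

if __name__ == "__main__":
    for marker, (state, ids) in verdicts(SAMPLE_LOG, ["sqli-1", "xss-1", "spam-1"]).items():
        print(f"{marker}: {state} {ids}")
```

A "logged-only" verdict means the rule matched but the request still reached the application, which is what a ruleset left in detection-only mode produces.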


