CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats
SpiderLabs Blog

Google Summer of Code (GSoC) + OWASP + ModSecurity = Awesome

image from 3.bp.blogspot.comOWASP is again participating in the Google Summer of Code (GSoC) Program for 2014 by acting as a Mentoring Organization. This is an outstanding opportunity for college students to get a chance to contribute to open source projects, gain experience and make some money over the summer. Here is a quick graphic that shows how GSoC works:

8298_213a981c-45a6-417a-aa9e-1a0e235f784c

There are many OWASP Project Ideas for students to choose from.

GSoC Ideas for ModSecurity

We had great success last year when Mihai Pitu created a port of ModSecurity to the Java platform by using JNI interface to hook in the standalone ModSecurity code. This year, we have even more ideas for students to choose from! Time is running out for submissions so you better hurry.

OWASP ModSecurity Core Rule Set (CRS) - ModSecurity Ruby API

Brief explanation: Adding the capability of rapid prototyping to ModSecurity functionalities trough scripts will open the possibility for easy rules production and customization, It also opens the possibility for a large community such as Ruby developers to create their own customization on the top of ModSecurity and so customize their own rules, analog of today's Lua support.

Expected results: An implementation able to handle Ruby scripts which will interact to ModSecurity as Lua does.

References: Embedding Ruby into C++ (ModSecurity is C, using C++ as reference): http://aeditor.rubyforge.org/ruby_cplusplus/index.html ModSecurity Reference Manual, Lua: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecRuleScript

Knowledge Prerequisite: C and Ruby programming and ModSecurity Development Guidelines - http://www.modsecurity.org/developers/. Mentor: Felipe Zimmerle Costa and Ryan Barnett - OWASP ModSecurity Core Rule Set Project Leader

OWASP ModSecurity Core Rule Set (CRS) - ModSecurity Python API

Brief explanation: Adding the capability of rapid prototyping to ModSecurity functionalities trough scripts will open the possibility for easy rules production and customization, It also opens the possibility for a large community such as Python developers to create their own customization on the top of ModSecurity and so customize their own rules, analog of today's Lua support.

Expected results: An implementation able to handle Python scripts which will interact to ModSecurity as Lua does.

References: Embedding Python into C/C++: http://docs.python.org/3.3/extending/embedding.html ModSecurity Reference Manual, Lua: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual#wiki-SecRuleScript

Knowledge Prerequisite: C and Python programming and ModSecurity Development Guidelines - http://www.modsecurity.org/developers/. Mentor: Felipe Zimmerle Costa and Ryan Barnett - OWASP ModSecurity Core Rule Set Project Leader

OWASP ModSecurity Core Rule Set (CRS) - Create "Sniffer-Mode"

Brief explanation:

The ModSecurity code includes a "standalone" version that wraps a light weight Apache/APR around the ModSecurity code. This is used as the basis for the ports to the IIS/Nginx web server platforms. The goal for this project task is to extend this standalone version so that it can accept a data feed of network traffic (e.g. libpcap) data as input and apply the ModSecurity CRS rules. Possible solutions could be:

  • Create a ModSecurity "plugin" for the Snort IDS.
  • Create a ModSecurity "plugin" for the Suricata IDS.
  • Add libpcap sniffer wrapper to standalone ModSecurity code to directly pull data off the wire.

Expected results:

This new sniffer mode would allow organizations to run ModSecurity/OWASP ModSecurity CRS in an out of line mode as they do IDS systems.

Knowledge Prerequisite:

C programming and ModSecurity Development Guidelines - http://www.modsecurity.org/developers/.

Mentor: Felipe Zimmerle Costa and Ryan Barnett - OWASP ModSecurity Core Rule Set Project Leader

OWASP ModSecurity Core Rule Set (CRS) - Implement DoS Prevention Code

Brief explanation:https://github.com/SpiderLabs/ModSecurity/issues/416

Implement a request velocity learning engine to identify dynamic DoS thresholds for both the site and for the particular URL.

Expected results:

The new C code in ModSecurity will allow us to add new DoS Protection methods to the OWASP ModSecurity CRS.

Knowledge Prerequisite:

C programming and ModSecurity Development Guidelines - http://www.modsecurity.org/developers/.

Mentor: Felipe Zimmerle Costa and Ryan Barnett - OWASP ModSecurity Core Rule Set Project Leader

OWASP ModSecurity Core Rule Set (CRS) - Create a Positive Learning/Profile Engine

Brief explanation: See this academic/research paper for ideas of the type of learning we are looking for - http://www.cs.ucsb.edu/~vigna/publications/2003_kruegel_vigna_ccs03.pdf

ModSecurity needs a profiling engine that implements the various AppSensor Detection Points - http://blog.spiderlabs.com/2011/08/implementing-appsensor-detection-points-in-modsecurity.html.

Expected results:

The new engine will implement more detection points to detect abnormal request attributes.

Knowledge Prerequisite:

C programming and ModSecurity Development Guidelines - http://www.modsecurity.org/developers/.

Mentor: Felipe Zimmerle Costa and Ryan Barnett - OWASP ModSecurity Core Rule Set Project Leader

OWASP ModSecurity Core Rule Set (CRS) - Create an Engine to Detect Application Flow Anomalies

Brief explanation:

Need an engine that can track normal application flow paths (click-flows) for business logic transactions - such as transferring money from accounts. After profiling normal application path flows, we want to then be able to alert to anomalies. This type of logic can help to prevent Banking Trojan attacks.

Example - let's say an application has a multi-step checkout process to purchase an item. This new engine would be able to profile/learn which URLs are accessed in what order and identify if clients skip steps or jump directly to other URLs in the flow.

Expected results:

The engine will be able to alert on anomalous application flows.

Knowledge Prerequisite:

C programming and ModSecurity Development Guidelines - http://www.modsecurity.org/developers/.

Mentor: Felipe Zimmerle Costa and Ryan Barnett - OWASP ModSecurity Core Rule Set Project Leader

Latest SpiderLabs Blogs

Fake Dialog Boxes to Make Malware More Convincing

Let’s explore how SpiderLabs created and incorporated user prompts, specifically Windows dialog boxes into its malware loader to make it more convincing to phishing targets during a Red Team...

Read More

The Secret Cipher: Modern Data Loss Prevention Solutions

This is Part 7 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. Far too many organizations place Data Loss Prevention (DLP) and Data...

Read More

CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway

UPDATE: Palo Alto Networks confirmed on Tuesday (4/16) that disabling device telemetry is no longer considered an effective mitigation. On Wednesday (4/17), the company released new threat signatures...

Read More