There is no point in learning to fight false positives on a lab server without traffic. What you need is a real set of false alarms. I have prepared a script that performs 10,000 requests against a host. The requests are extracted from a browser session and transformed into curl requests so you can run them easily. When used against CRS v3.3.2, you will get exactly the alerts this tutorial is based on. If you do not want to run the script yourself, you can also download the example logs from my run. How did I arrive at this traffic generator script? After all, it is difficult to provide real production logs for an exercise because of all the sensitive data in the logs. So I went and created false positives from scratch in my browser. With the Core Rule Set 2.2.x, this would have been simple, but with the 3.3 release (3.3.2 to be exact), most of the false positives in the default install are now gone. What I did was set the CRS to Paranoia Level 4 and then install a local Drupal site. Afterwards, I published a couple of articles about SQL injections and then read the articles in the browser, combined with casual searches for individual SQL statements. And this I repeated up to 10,000 requests.