Prerequisites

This lab covers a total of four blog posts. Links are below for reference:

Part-1: WAF tuning (This blog)

Part-2: Reconnaissance Playbook

Part-3: Vulnerability Exploitation

Part-4: Data Disclosure and Exfiltration

The purpose of this web application security protection and detection lab tutorial is to demonstrate Cloud Armor (WAF & DDoS) capabilities in identifying, detecting, and protecting against suspicious activities and potential attacks against your web applications. This first tutorial in a four-part series walks you through creating a lab environment for testing Google Cloud WAF's protections. This lab focuses on the OWASP protection ruleset and logging capabilities of GCP WAF.

In this tutorial you will:

2. Monitoring enabled on the load balancer and the Cloud Armor security policy

3. Familiarity with Kali Linux.

Architecture

A successful attack path is one where malicious data is sent directly by the attacker to the OWASP Juice Shop web application, leading to successful exploitation. The attack path defended by the WAF is one where malicious data is inspected by the Cloud Armor WAF and blocked by its out-of-the-box ruleset before it reaches the web application.

! IMPORTANT: For the scenarios demonstrated in this document, the OWASP Juice Shop application was running on HTTP port 3000.

evaluatePreconfiguredExpr('xss-stable', ['owasp-crs-v020901-id981136-xss', 'owasp-crs-v020901-id981138-xss'])

The signatures listed in the second argument are excluded from the default xss-stable rule.
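One way to arrive at such an exclusion list from the WAF's own logs, as an added example that is not part of the original tutorial: it counts which signature IDs caused a DENY on paths an analyst has reviewed as benign, then renders the matching expression. The host, paths, `lab-policy` name, placeholder signature and log entries are constructed; the field names assume Cloud Armor's request-log layout (`enforcedSecurityPolicy.outcome`, `preconfiguredExprIds`).

```python
from collections import Counter
from urllib.parse import urlsplit

def _entry(url, outcome, ids):
    """Build one constructed entry shaped like a Cloud Armor request log."""
    return {"httpRequest": {"requestUrl": url},
            "jsonPayload": {"enforcedSecurityPolicy": {
                "name": "lab-policy", "outcome": outcome,
                "preconfiguredExprIds": ids}}}

# Constructed sample data: hypothetical host, paths and policy name.
SAMPLE_LOGS = [
    _entry("http://lab.example/profile?bio=a", "DENY", ["owasp-crs-v020901-id981136-xss"]),
    _entry("http://lab.example/profile?bio=b", "DENY", ["owasp-crs-v020901-id981136-xss"]),
    _entry("http://lab.example/profile?bio=c", "DENY", ["owasp-crs-v020901-id981138-xss"]),
    # Blocked on a path nobody reviewed: must not end up in the exclusion list.
    _entry("http://lab.example/search?q=d", "DENY", ["placeholder-unreviewed-signature"]),
    _entry("http://lab.example/", "ACCEPT", []),
    # Entry without policy data (no security policy evaluated): skipped.
    {"httpRequest": {"requestUrl": "http://lab.example/profile"}},
]

def false_positive_signatures(entries, reviewed_benign_paths):
    """Count signature IDs that caused a DENY on paths reviewed as benign."""
    hits = Counter()
    for e in entries:
        policy = e.get("jsonPayload", {}).get("enforcedSecurityPolicy", {})
        if policy.get("outcome") != "DENY":
            continue
        path = urlsplit(e.get("httpRequest", {}).get("requestUrl", "")).path
        if path in reviewed_benign_paths:
            hits.update(policy.get("preconfiguredExprIds", []))
    return hits

def exclusion_expr(ruleset, hits, min_hits=1):
    """Render the rule expression, excluding signatures seen >= min_hits times."""
    ids = sorted(s for s, n in hits.items() if n >= min_hits)
    if not ids:
        return f"evaluatePreconfiguredExpr('{ruleset}')"
    quoted = ", ".join(f"'{s}'" for s in ids)
    return f"evaluatePreconfiguredExpr('{ruleset}', [{quoted}])"

if __name__ == "__main__":
    hits = false_positive_signatures(SAMPLE_LOGS, {"/profile"})
    print(dict(hits))
    print(exclusion_expr("xss-stable", hits))
```

Raising `min_hits` keeps a signature enabled until it has misfired repeatedly, which avoids disabling a detection on the strength of a single blocked request.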

Below is an example that configures a policy and a rule and attaches the policy to a backend.

Test Cloud Armor capabilities for SQL injection and cross-site scripting.

Part-2: Reconnaissance Playbook
