Salam,

On Sun, Sep 5, 2010 at 2:29 PM, Muzamir Mokhtar <[email protected]> wrote:

> Salam,
>
> I have set up mod_security in my httpd.
> I have used rules from OWASP.
> I have enabled the rules and use the default ruleset.
> I have enabled audit log.
>
> Question:
> 1) How do I know my mod_security is working properly?

Test it using all common attacks that it should be blocking.
http://www.owasp.org/index.php/Category:Attack
http://www.owasp.org/index.php/Testing_for_Cross_site_scripting

> 2) Is there any additional modification I need to do in order to block
> the vulnerable attack such as SQL injection, XSS, spam comment and
> others.

Sanitize your input to prevent SQL injection.
http://www.owasp.org/index.php/Guide_to_SQL_Injection

> Please do advise me on this.
>
> --
> Muzamir bin Mokhtar,
> Pegawai Teknologi Maklumat (F44)
> Unit Operasi
> Bahagian Teknologi Maklumat
> Pej SUK Pahang
> TEL : 095129424/425
> FAX : 095163490
> http://muzzoshah.blogspot.com
> http://muzzotechspot.blogspot.com
>
> _______________________________________________
> Owasp-Malaysia mailing list
> [email protected]
> https://lists.owasp.org/mailman/listinfo/owasp-malaysia
>
> OWASP Malaysia Wiki
> http://www.owasp.org/index.php/Malaysia
>
> OWASP Malaysia Wiki Facebook
> http://www.facebook.com/pages/OWASP-Malaysia-Local-Chapter/295989208420

--
Best Wishes,
M. Fauzilkamil Zainuddin
----------------------------------------------------
ApOgEE a.k.a JeRuNgKuN
----------------------------------------------------
https://edge.launchpad.net/~apogee - ApOgEE on LaunchPad
http://artofapogee.blogspot.com - Art Of ApOgEE
http://coderstalk.blogspot.com - Coder's Talk
----------------------------------------------------
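One way to answer question 1 from the audit log the poster enabled, as an added example that is not part of the original thread: after sending test requests to your own server, parse the ModSecurity audit log and list which requests were intercepted and by which rule. It assumes the ModSecurity 2.x serial audit log format with parts A, B, H and Z logged and `SecAuditEngine On`, so that unblocked requests are logged too; the log sample, addresses, rule id and function names are constructed for illustration.

```python
import re

# Constructed sample log (two test requests, one blocked); rule id and msg are made up.
SAMPLE_AUDIT_LOG = """\
--a1b2c3d4-A--
[05/Sep/2010:15:02:11 +0800] TEST0001 192.0.2.10 40112 192.0.2.20 80
--a1b2c3d4-B--
GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). Pattern match "<script" at ARGS:q. [id "99001"] [msg "Constructed XSS rule"]
Action: Intercepted (phase 2)
--a1b2c3d4-Z--
--e5f6a7b8-A--
[05/Sep/2010:15:02:15 +0800] TEST0002 192.0.2.10 40113 192.0.2.20 80
--e5f6a7b8-B--
GET /search?q=%27+OR+1%3D1-- HTTP/1.1
--e5f6a7b8-H--
Server: Apache
--e5f6a7b8-Z--
"""

BOUNDARY = re.compile(r"^--[0-9a-fA-F]+-([A-Z])--$")

def parse_audit_log(text):
    """Return one {section letter: [lines]} dict per logged transaction."""
    transactions, current, section = [], None, None
    for line in text.splitlines():
        m = BOUNDARY.match(line)
        if not m:
            if section is not None:
                section.append(line)
            continue
        if m.group(1) == "A":              # part A opens a transaction
            current = {}
        section = None if current is None else current.setdefault(m.group(1), [])
        if m.group(1) == "Z" and current is not None:   # part Z closes it
            transactions.append(current)
            current, section = None, None
    return transactions

def summarize(tx):
    trailer = tx.get("H", [])              # part H: audit log trailer
    return {"request": next((l for l in tx.get("B", []) if l), "?"),
            "blocked": any(l.startswith("Action: Intercepted") for l in trailer),
            "rule_ids": [i for l in trailer if l.startswith("Message:")
                         for i in re.findall(r'\[id "(\d+)"\]', l)]}

def unblocked_requests(text):
    # Test requests that no rule intercepted: the ones to investigate.
    return [s["request"] for s in map(summarize, parse_audit_log(text)) if not s["blocked"]]
```

A test request that shows up in `unblocked_requests` reached the application, so check whether the rule engine is in detection-only mode or the relevant rule file is not loaded.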

