Recipe 2-5: Real-time Resource Assessments and Virtual Patching
This recipe shows you how to integrate ModSecurity and Arachni to achieve real-time, on-demand resource assessments and virtual patching.
Ingredients
- Arachni RPC server
- ModSecurity
- Lua API
- Resource persistent storage from Recipe 1-1
Up to this point, the methods we have described to identify and remediate vulnerabilities have been distinct and separate. You first identify the vulnerabilities through passive or active vulnerability identification, and then you must create virtual patches to remediate the issues. Although this approach works, it is resource-intensive and must be repeated often in the future. Wouldn’t it be great if the two tools we are using, Arachni and ModSecurity, could be integrated? That is precisely what this recipe covers.
Theory of Operation
The basic concept is that we can integrate these two tools to achieve real-time, on-demand application assessments and remediation. Let’s take a step-by-step look at the theory of operation work flow:
1. ModSecurity identifies when a real client accesses a resource.
2. ModSecurity extracts the URL, parameter, and cookie data and uses a Lua script to pass this information to a remote Arachni RPC host for scanning.
3. ModSecurity saves metadata within the local ModSecurity RESOURCE persistent storage.
4. Arachni conducts a targeted scan, assessing only the vectors passed to it (meaning that it does not conduct crawling to enumerate links and ...
Get Web Application Defender's Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
