Reversing Engineering Web Applications for Security - Behavior Analysis and WAF Detection

Reversing Engineering Web Applications for Security - Behavior Analysis and WAF Detection

OWASP Foundation via YouTube Direct link

Special File Permissions

31 of 37

31 of 37

Special File Permissions

Class Central Classrooms beta

YouTube videos curated by Class Central.

Classroom Contents

Reversing Engineering Web Applications for Security - Behavior Analysis and WAF Detection

Automatically move to the next video in the Classroom when playback concludes

  1. 1 Intro
  2. 2 About Sucuri Security
  3. 3 A Note on the Examples
  4. 4 Motivations
  5. 5 Agenda
  6. 6 Reverse Engineering
  7. 7 Whitelisting
  8. 8 Our Scope: Waf Detection
  9. 9 Detection steps Analyze Application Structure
  10. 10 The HTTP Protocol
  11. 11 Traffic Analysis
  12. 12 Crawling the Application
  13. 13 GET Request
  14. 14 Oh wait! Get a job from the headers...
  15. 15 Full Request
  16. 16 What's wrong here?
  17. 17 What about here?
  18. 18 Summary of Flow Parsing
  19. 19 File Structure
  20. 20 WordPress Tarball
  21. 21 The Basic WP Structure
  22. 22 xmlrpc.php
  23. 23 XMLRPC Login Attempt
  24. 24 Brute forcing New Brute Force Attacks Exploiting XMLRPC in
  25. 25 Pingback
  26. 26 wp-admin/ "Access"
  27. 27 Restriction Samples: .htaccess
  28. 28 Mitigating Attack Surface
  29. 29 Realtime Monitoring w/ OSSEC
  30. 30 Threshold Ideas
  31. 31 Special File Permissions
  32. 32 Counter Intelligence
  33. 33 Behavior: How you look at problems
  34. 34 GEO IP Block: Top Attack Countries
  35. 35 Top Methods
  36. 36 HTTP Version 1.0
  37. 37 In summary...

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.