
Chapter 9 - 04 - Application Security Testing Techniques and Tools - 07_ocred.pdf


Full Transcript


Certified Cybersecurity Technician | Application Security | Exam 212-82

Configuring URLScan to Setup as WAF For IIS Server

Microsoft URLScan is a WAF tool that analyzes and filters all Hypertext Transfer Protocol (HTTP) requests received by the Internet Information Services (IIS) web service and protects web applications against Structured Query Language (SQL) injection or cross-site scripting (XSS) attacks. It can log requests to allow the diagnosis of attempts to upset a server. If a request is identified as a risk, the script immediately returns an HTTP 404 message to the client. This mechanism protects the script, website, and server.

The administrator can configure the URLScan filter rules to reject HTTP requests based on the following criteria:

- HTTP request method or verb
- Suspicious URL encoding
- Presence of non-ASCII characters in the URL
- File extension of the requested resource
- Presence of specified character sequences in the URL
- Presence of specified headers in the request

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
[Figure: Internet Information Services (IIS) Manager, ISAPI Filters view for the site "luxurytreats" on WEBSERVER ("Use this feature to configure ISAPI filters that process requests made to the Web server"). Filters listed, all with entry type Local: ASP.Net_4.0_32bit (C:\Windows\Microsoft.NET\F...), ASP.Net_4.0_64bit (C:\Windows\Microsoft.NET\F...), UrlScan 3.1 (C:\inetpub\wwwroot\Luxury...).]
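
The rejection criteria listed above correspond to settings in URLScan's configuration file, UrlScan.ini. The fragment below is an added example, not part of the original course material; the particular verbs, extensions, sequences and headers are illustrative choices and need to be tuned to what the protected application actually uses.

```ini
[options]
; HTTP request method or verb:
; 1 = accept only the verbs listed in [AllowVerbs], reject all others
UseAllowVerbs=1

; File extension of the requested resource:
; 0 = reject the extensions listed in [DenyExtensions]
; (1 would switch to an allow-list read from [AllowExtensions])
UseAllowExtensions=0

; Suspicious URL encoding:
; canonicalize the URL before scanning, then canonicalize a second time
; and reject the request if the two results differ (double encoding)
NormalizeUrlBeforeScan=1
VerifyNormalization=1

; Presence of non-ASCII characters in the URL:
; 0 = reject URLs that contain high-bit characters
AllowHighBitCharacters=0

; Keep a log of rejected requests for later diagnosis
EnableLogging=1

; 1 = send a short 404 directly and ignore RejectResponseUrl
; 0 = hand the rejected request to RejectResponseUrl
UseFastPathReject=0

[AllowVerbs]
GET
HEAD
POST

[DenyExtensions]
.exe
.bat
.cmd
.ini
.log

; Presence of specified character sequences in the URL
[DenyUrlSequences]
..
./
\

; Presence of specified headers in the request
[DenyHeaders]
Translate:
If:
Lock-Token:
```

Filters on an allow-list basis, such as the verb list here, are the safer default: an unexpected method is rejected without having to be anticipated in a deny list.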
