Tully's Coffee Nishi-Shinjuku in Tokyo: One of the Recommended Cafes in the Shinjuku Area

This cafe is very convenient for me because I can get free Wi-Fi there; it is called “METRO FREE Wi-Fi” because the cafe is close to Nishi-Shinjuku metro station. By the way, before users are authorized by the server, they can ping any destination but aren’t allowed to transfer any TCP/IP packets. It’s to be expected that the provider wants to restrict unauthorized users to prevent any unexpected and malicious behavior.

Logs of ping and ssh before I start to authorize:

SECCON2014: A Security CTF (Capture the Flag) Competition in Japan

I participated in SECCON, a Japanese information security competition, with my colleagues as a team on 19 July. Our final ranking was 43rd out of 425 teams.
(Japanese official site)

We started at 9:00 and finished at 21:00 (12 hours!), so I was exhausted, but I was very excited when I was able to solve parts of some problems. Moreover, I could improve my security skills and recognize my weak points in the field. It was a very valuable event. When I have a chance to attend such a competition in the near future, I’ll participate again, and of course I’ll prepare by improving my skills every day so that I can contribute.

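Apache: How to Install and Configure ModSecurity (WAF) – Countermeasures for Web Application Vulnerabilities

This article describes how to install and do a basic configuration of ModSecurity, a WAF (Web Application Firewall) implemented as an Apache module. Configuration for production use is omitted here, but the relevant reference links are given where appropriate, so please refer to them.

Overview (the big picture)

ModSecurity: an open-source WAF provided by Trustwave under the GPLv2 license.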
ModSecurity: Open Source Web Application Firewall
IPA (Information-technology Promotion Agency, Japan): Web Application Firewall Guidebook
OWASP Core Rule Set: the rules (signatures) for ModSecurity provided by OWASP (Open Web Application Security Project) under the GPLv2 license.
Category:OWASP ModSecurity Core Rule Set Project – OWASP
Category:OWASP Best Practices: Use of Web Application Firewalls – OWASP