"Security" Tag Archive

Tully's Coffee Nishi-Shinjuku in Tokyo: One of the Recommended Cafes in the Shinjuku Area

This cafe is very convenient for me to get free Wi-Fi. It is called “METRO FREE Wi-Fi” because it is close to Nishi-Shinjuku metro station. By the way, before users are authorized by the server, they can ping any destination but aren’t allowed to transfer any TCP/IP packets. It’s to be expected that the provider wants to restrict unauthorized users to prevent any unexpected and malicious behavior.

Logs of ping and ssh before I start to authorize:

SECCON2014: CTF (Capture the flag) competition of security in Japan

I participated in SECCON, a Japanese information security competition, with my colleagues as a team on 19th July. The final ranking was 43 out of 425 teams.
(Japanese official site)

We started at 9:00 and ended at 21:00 (12 hours!), so I was very exhausted, but I was so excited when I was able to solve parts of some problems. Moreover, I could improve my security skills and recognize my weak points in the field. It was a very valuable event. When I have a chance to attend such a competition in the near future, I’ll participate again and, of course, I’ll prepare by improving my skills every day to contribute.

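Apache: How to Install and Configure ModSecurity (WAF) – Countermeasures Against Web Application Vulnerabilities

This article describes how to install ModSecurity, a WAF (Web Application Firewall) that runs as an Apache module, and how to apply a basic configuration. Configuration intended for production operation is outside the scope of this article, but the relevant reference links are given where appropriate, so please refer to them.

Overview (the big picture)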

ModSecurity: An OSS WAF provided by TrustWave under the GPLv2 license.
ModSecurity: Open Source Web Application Firewall
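The following document covers the points to consider, from an overview of WAFs through the introduction and operation of ModSecurity.
IPA (Information-technology Promotion Agency, Japan): Web Application Firewall 読本 (Web Application Firewall Guidebook)
OWASP Core Rule Set: ModSecurity rules (signatures) provided by OWASP (Open Web Application Security Project) under the GPLv2 license.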
Category:OWASP ModSecurity Core Rule Set Project – OWASP
Category:OWASP Best Practices: Use of Web Application Firewalls – OWASP
OWASP
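Rather than relying on mediocre blog articles, this site included, you will understand faster by first reading the official documentation and the links above.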