WAF Virtual Patching Challenge: Securing WebGoat With ModSecurity
Source: Breach Security
This paper presents the technical details behind a virtual patch, which is a critical protection function provided by Web Application Firewalls (WAFs). A virtual patch is a powerful, agile mitigation strategy that helps quickly protect vulnerable web applications from remote compromise. The whitepaper evaluates a number of example vulnerabilities from the OWASP WebGoat application. The context of these examples helps to quantify the significant research responsibilities of the virtual patch writer, and highlights how ModSecurity's rules language and advanced capabilities give security consultants a platform to mitigate complex vulnerabilities identified within a web application.