This article is about installing Sqreen on the hosting and web server management system Plesk. Sqreen is a Web Application Firewall (WAF) and Runtime Application Self-Protection (RASP) solution.

Sqreen is easy to install and works out of the box. The onboarding process guides you step by step through the whole setup, and while setting up your first application you learn about each configuration option. Going from zero to production takes less than one hour. If you add a banner to your footer, you are allowed to use Sqreen for free for one production app.

In this article I want to show how to use Sqreen to protect a WordPress blog. For this we only need to install the Sqreen PHP agent; no changes to the code or the application itself are required. Later in the process, when we want to monitor usernames instead of only an IP address, it may be necessary to add one additional line that shares the username (or a UUID or a hash) with Sqreen. Fortunately, Sqreen provides a WordPress plugin, so even this step is very simple if your application is a WordPress blog: just install the WordPress plugin to monitor users. …


Detect and respond to attacks: AppSensor

The OWASP AppSensor project is a collaborative initiative that provides open source materials and code to organizations to help them develop their own attack monitoring and response implementations.

Despite the enormous importance of these systems, the current situation is that defense measures are integrated into only a few applications. Every day, attacks are launched to inspect applications and search for vulnerabilities. Attackers sometimes use automated vulnerability scanners such as OWASP ZAP, which test an application for known vulnerability patterns. Unfortunately, it is still a sad reality that almost every application is completely blind to these attacks.

The OWASP AppSensor project points out that companies often place false trust in antiquated defense mechanisms, such as signature-based systems, which can often be trivially bypassed. Reviewing the logs after an attack has been carried out is too late. What is needed instead is a defense that also understands the individual nature of the application: how its business logic works, how access control is enforced, and all the other aspects that are unique to it. …


Security in web applications is one of the most important topics in the security field. After all, the web application stands at the forefront: it is the interface to the Internet. The OWASP Top 10, the ten most dangerous vulnerabilities in web applications, contains a vulnerability that is actually not a real one. …

About

Javan Rasokat

Passionate security professional on application level, with a great full stack background in modern web and mobile technologies.
