Need to enhance WAF security to enable protection against web server attack.
Hints: Please use existing FortiWeb-WebServer server policy ,FortiWeb-Protection in-line protection profile and FortiWeb-Signature signature.
Task 1-3 need to be configure in HTTP. Do not enable HTTPS until Task4.
Web 03-01 : Some OSWAP Top10 attack target your server. Pls help to find and block.
Hints:
· You can check log access attack to locate existing attack type.
· Enable the protection in Web Protection Signature. Blocking is needed.
Web 03-02 : There is some file inclusion attack found
Hints:
· The attack is conducted by “..\..\” file inclusion.
· You may google FortiWeb file inclusion~ Blocking is needed.
Web 03-03 : Hacker is delivering bot attack to your web server. Pls protect it.
Hints:
· You may refer some know bot detection method (Eg. sqlmap, hydra). Blocking is needed.
Web 03-04 : Login to web server is not secure. Pls enhance it with highest cryptographic
Hints:
· Only the highest cryptographic version should be enabled.
