Let me secure that for you!

Welcome to “Let me secure that for you!”

Virtual Patching is a great technique for quickly patching security vulnerabilities or weaknesses in your website, without having to touch the web server!

Virtual Patching:

Prevent the exploitation of a known vulnerability

A virtual patching layer can sit in front of your web server, acting as a reverse proxy in front of the application. If any vulnerabilities or weaknesses are discovered by penetration testing or attack traffic, then the virtual patching layer can neuter the effects of the attack or address the weakness.

Learn more

• Presentation at linux.conf.au 2017:
  • Slides (Google Slides)
  • Slides (PDF, 2.1mb)
  • Video (YouTube, 45min)
• Presentation at BSidesWLG 2017:
  • Video (YouTube, 47min)
• Presentation at Appsec Day AU 2017:
  • Slides (Google Slides)
  • Slides (PDF, 2mb)
  • Video (YouTube, 57min)
• What is lmstfu?
• Vulnerabilities or Weaknesses
• How to address vulnerabilities
• Mod Security:
  • About Mod Security
  • Laying out your SecRules
  • Running CRS rules only on certain parameters
• Node.js:
  • About Node.js
  • Node.js Proxy
  • Node.js Proxy Handlers
• Virtual Patches:
  • Blocking Requests
  • Blocking Urls
  • Validate a Parameter
  • Detect XSS
  • Detect SQL Injection
  • Protect against CSRF
  • Alter cookie secure / HttpOnly flags
  • HTML Manipulation