Thursday, June 25, 2015

More Evidence HTTPS will soon rule the World

I've blogged a few times ([1], [2]) now on how HTTP is going away and will soon be replaced by HTTPS.

I thought it was worth mentioning a few other big names making the same push.

REDDIT: Recently announced they'll move all sites and services to HTTPS-only by the end of 2016.
BING: Recently announced that this summer they'll start making HTTPS their standard.
WHITE HOUSE: Recently announced that all federal agencies and departments are instructed to move publicly accessible Web sites and services to HTTPS-only by the end of 2016.
APPLE: Recently published guidance for developers explaining the inclusion of Application Transport Security, a protocol that allows developers to force secure connections to specific domains from their apps.


This is all very exciting news and drives home the idea that the migration to HTTPS is real and coming to your neck of the woods soon. You should start planning your migration if you haven't already.

Copyright © 2015, this post cannot be reproduced or retransmitted in any form without reference to the original post.

Friday, June 5, 2015

Analyze Apache Access Logs for Malicious Activity

Let's say I have an Apache Web Server access log. I think something fishy was going on yesterday, but I don't want to manually parse through all the disgusting text-based logs to find the craziness. I could write a custom Python script, splash in some amazing regular expressions, and try to find the bad stuff on my own. Or I could just use somebody else's :-)

This is where a tool like Apache Scalp comes in. It's a free Python script you can download and run. The only prerequisites are that you have Python installed and that you download the default filter XML file.

Then run the script:
  python.exe scalp-0.4.py -l www.mysite_log -o myoutputfolder --html -f default_filter.xml
  Loading XML file 'default_filter.xml'...
  Processing the file 'www.mysite_log'...
  Scalp results:
         Processed 873 lines over 873
         Found 6 attack patterns in 0.581000 s
  Generating output in myoutputfolder\www.mysite_log_scalp_*


It generates a pretty HTML file that you can open in your browser from the myoutputfolder location. Hopefully you just saved yourself a bunch of time.
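To show what a filter-driven log scan of this kind involves, here is an added example (not Scalp's code and not from the original post) that loads regex rules from an XML filter set and runs them over access-log lines. The rules, the `<filter>`/`<rule>`/`<description>`/`<impact>` layout, the log lines and the function names are all constructed assumptions for illustration.

```python
import re
import xml.etree.ElementTree as ET
from urllib.parse import unquote_plus

# Constructed rules; the <filter>/<rule>/<description>/<impact> layout is an assumption.
FILTERS_XML = r"""<filters>
 <filter><rule>\.\./</rule>
  <description>directory traversal</description><impact>5</impact></filter>
 <filter><rule><![CDATA[<script\b]]></rule>
  <description>xss</description><impact>4</impact></filter>
 <filter><rule>\bunion\s+(?:all\s+)?select\b</rule>
  <description>sql injection</description><impact>6</impact></filter>
</filters>"""

# Constructed access-log lines (documentation IP ranges), including one malformed line.
SAMPLE_LOG = """
203.0.113.7 - - [04/Jun/2015:10:12:01 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [04/Jun/2015:10:12:05 +0000] "GET /view.php?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 404 312
198.51.100.4 - - [04/Jun/2015:10:13:44 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 801
198.51.100.4 - - [04/Jun/2015:10:14:02 +0000] "GET /item.php?id=1+UNION+SELECT+1,2 HTTP/1.1" 500 0
truncated or corrupt line
""".strip().splitlines()

# Common Log Format prefix: host, identity, user, [time], "request", status, size.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                    r'"[A-Z]+ (?P<uri>\S+)[^"]*" (?P<status>\d{3}) \S+')

def load_filters(xml_text):
    """Return (description, impact, compiled regex) for every <filter> element."""
    return [(f.findtext("description"), int(f.findtext("impact")),
             re.compile(f.findtext("rule"), re.IGNORECASE))
            for f in ET.fromstring(xml_text).iter("filter")]

def scan(lines, filters):
    """Match each URL-decoded request URI against every rule; count unparsable lines."""
    hits, unparsed = [], 0
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if m is None:
            unparsed += 1          # never drop these silently: gaps hide activity
            continue
        uri = unquote_plus(m["uri"])   # decode once so %2F and + cannot hide a pattern
        for desc, impact, rx in filters:
            if rx.search(uri):
                hits.append((lineno, m["ip"], m["status"], desc, impact))
    return hits, unparsed

if __name__ == "__main__":
    hits, unparsed = scan(SAMPLE_LOG, load_filters(FILTERS_XML))
    for hit in hits:
        print("line %d  %s  status %s  %s (impact %d)" % hit)
    print("%d hits, %d unparsed lines" % (len(hits), unparsed))
```

A hit is a lead to triage, not proof of compromise: the status code next to each match (404 versus 200 or 500) is the first thing to check when deciding which requests deserve a closer look.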
