This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Category:OWASP ModSecurity Core Rule Set Project

From OWASP

Revision as of 18:46, 22 April 2014 by Rcbarnett (talk | contribs) (→‎Ohloh)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Jump to: navigation, search

Main
FAQs
Acknowledgements
Road Map and Getting Involved
Project About

OWASP ModSecurity Core Rule Set (CRS)

The OWASP ModSecurity CRS Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application.

Introduction

The OWASP ModSecurity CRS is a set of web application defense rules for the open source, cross-platform ModSecurity Web Application Firewall (WAF).

Description

The OWASP ModSecurity CRS provides protections if the following attack/threat categories:

HTTP Protection - detecting violations of the HTTP protocol and a locally defined usage policy.
Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation
HTTP Denial of Service Protections - defense against HTTP Flooding and Slow HTTP DoS Attacks.
Common Web Attacks Protection - detecting common web application security attack.
Automation Detection - Detecting bots, crawlers, scanners and other surface malicious activity.
Integration with AV Scanning for File Uploads - detects malicious files uploaded through the web application.
Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
Trojan Protection - Detecting access to Trojans horses.
Identification of Application Defects - alerts on application misconfigurations.
Error Detection and Hiding - Disguising error messages sent by the server.

Licensing

OWASP ModSecurity CRS is free to use. It is licensed under the Apache Software License version 2 (ASLv2), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.

Ohloh

http://www.ohloh.net/p/owasp-modsecurity-crs

What is OWASP ModSecurity CRS?

OWASP ModSecurity CRS provides:

Baseline protection for common web application attacks.

Presentation

Project Leader

Project Leader:

Ryan Barnett

Contributors:

Related Projects

Quick Download

Source Code Repo

OWASP ModSecurity CRS on GitHub

News and Events

Mailing List

OWASP CRS Mail-list

Classifications


	License: ASLv2

Donate

<paypal>ModSecurity Core Rule Set Project</paypal>

Q1: A1

Q2: A2

Volunteers

XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:

Others

As of XXX, the priorities are:

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

PROJECT INFO
What does this OWASP project offer you?

RELEASE(S) INFO
What releases are available for this project?

what	is this project?
Name: OWASP ModSecurity Core Rule Set Project (home page)
Purpose: ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the "Swiss Army Knife of web application firewalls." While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, we have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture. Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.
License: Apache Software License v2 (ASLv2)
who	is working on this project?
Project Leader(s): Chaim Sanders @
how	can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links: ModSecurity on SourceForge Bug Tracker Installation Documentation PPT Presentation PDF Withepaper
Key Contacts
Contact Chaim Sanders @ to contribute to this project Contact Chaim Sanders @ to review or sponsor this project

current release

ModSecurity 2.2.8 - 06/30/2013 - (download)

Release description: == Version 2.2.8 - 06/30/2013 ==

Security Fixes:

Improvements:

Updatd the /util directory structure
Added scripts to check Rule ID duplicates
Added script to remove v2.7 actions so older ModSecurity rules will work

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43

Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king cope)

 - http://seclists.org/fulldisclosure/2013/Jun/21
 - http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-for-plesk-vulnerability-.html

Bug Fixes:

fix 950901 - word boundary added

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48

fix regex error

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44

Updated the Regex in 981244 to include word boundaries

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36

Problem with Regression Test (Invalid use of backslash) - Rule 960911 - Test2

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34

ModSecurity: No action id present within the rule - ignore_static.conf

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17

"Bad robots" rule blocks all Java applets on Windows XP machines

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16

duplicated rules id 981173

 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18

Rating: Projects/OWASP ModSecurity Core Rule Set Project/GPC/Assessment/ModSecurity 2.2.8

last reviewed release

ModSecurity 2.0.6 - 2010-02-26 - (download)
Release description: ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
Rating: Stable Release - Assessment Details

other releases
ModSecurity 2.1.2 ModSecurity 2.0.12 ModSecurity 2.0.10 ModSecurity 2.0.6

}

Pages in category "OWASP ModSecurity Core Rule Set Project"

The following 16 pages are in this category, out of 16 total.

M

O

Retrieved from "https://wiki.owasp.org/index.php?title=Category:OWASP_ModSecurity_Core_Rule_Set_Project&oldid=173210"

Categories:

Category:OWASP ModSecurity Core Rule Set Project

OWASP ModSecurity Core Rule Set (CRS)

Introduction

Description

Licensing

Ohloh

What is OWASP ModSecurity CRS?

Presentation

Project Leader

Related Projects

Quick Download

Source Code Repo

News and Events

Mailing List

Classifications

Donate

Volunteers

Others

Pages in category "OWASP ModSecurity Core Rule Set Project"

M

O

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools