This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:OWASP ModSecurity Core Rule Set Project"
m |
|||
(8 intermediate revisions by 2 users not shown) | |||
Line 10: | Line 10: | ||
{| style="width: 100%;" | {| style="width: 100%;" | ||
| style="vertical-align:top;" | The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with [https://modsecurity.org ModSecurity] or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the [[Top10|OWASP Top Ten]], with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, Locale File Inclusion, etc. | | style="vertical-align:top;" | The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with [https://modsecurity.org ModSecurity] or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the [[Top10|OWASP Top Ten]], with a minimum of false alerts. The CRS provides protection against many common attack categories, including SQL Injection, Cross Site Scripting, Locale File Inclusion, etc. | ||
+ | |||
+ | [[File:CRS-logo-full_size-512x257.png|512px|link=https://coreruleset.org]] | ||
'''The offical website of the project can be found at [https://coreruleset.org https://coreruleset.org]. | '''The offical website of the project can be found at [https://coreruleset.org https://coreruleset.org]. | ||
+ | |||
| style="text-align:right;" | [[File:CRS3-movie-poster-thumb.jpeg|300px|link=https://coreruleset.org/poster]] | | style="text-align:right;" | [[File:CRS3-movie-poster-thumb.jpeg|300px|link=https://coreruleset.org/poster]] | ||
Line 26: | Line 29: | ||
These tutorials are part of a big series of Apache / ModSecurity guides published by [https://www.netnea.com/cms/apache-tutorials netnea]. They are written by [[:user:Dune73|Christian Folini]]. | These tutorials are part of a big series of Apache / ModSecurity guides published by [https://www.netnea.com/cms/apache-tutorials netnea]. They are written by [[:user:Dune73|Christian Folini]]. | ||
− | More Information about the rule set at the official website | + | More Information about the rule set is available at the official website, [https://coreruleset.org https://coreruleset.org]. |
==Licensing== | ==Licensing== | ||
Line 32: | Line 35: | ||
OWASP ModSecurity CRS is free to use. It is licensed under the [http://www.apache.org/licenses/LICENSE-2.0.txt Apache Software License version 2 (ASLv2)], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. | OWASP ModSecurity CRS is free to use. It is licensed under the [http://www.apache.org/licenses/LICENSE-2.0.txt Apache Software License version 2 (ASLv2)], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. | ||
− | | valign="top" style="padding-left:25px;width:200px;" | | + | == Reporting Issues == |
+ | |||
+ | * If you think you've found a false positive in commercially available software and want us to take a look, submit an issue on [https://github.com/SpiderLabs/owasp-modsecurity-crs/ our Github] | ||
+ | * Have you found a false negative/bypass? We'd love to hear about it - please responsibly disclose it to [mailto:[email protected] [email protected]] | ||
+ | |||
+ | |||
+ | == Project Sponsors == | ||
+ | |||
+ | {| class="wikitable" | ||
+ | |||
+ | |- | ||
+ | ! Trustwave !! Avi Networks || cPanel, Inc | ||
+ | |- | ||
+ | | [[Image:SpiderLabs Logo 2011.JPG|200px|link=https://www.trustwave.com/spiderLabs.php]] || [[Image:Avi_Networks.jpg|200px|link=https://avinetworks.com/]] || [[Image:CPanel logo.svg.png|200px|link=https://cpanel.com/]] | ||
+ | |} | ||
+ | |||
+ | | valign="top" style="padding-left:25px;width:200px;" | | ||
+ | == Website == | ||
+ | [https://coreruleset.org https://coreruleset.org] | ||
+ | |||
+ | == Social Channels == | ||
+ | |||
+ | [https://twitter.com/coreruleset?lang=en Twitter @CoreRuleSet] | ||
+ | |||
+ | [https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set OWASP CRS Mailing List] | ||
== Project Members == | == Project Members == | ||
Line 53: | Line 80: | ||
== Quick Download == | == Quick Download == | ||
− | + | [https://coreruleset.org/installation/ Installation Tutorial] | |
+ | |||
+ | [https://hub.docker.com/r/owasp/modsecurity-crs/ Docker Image] | ||
== Source Code Repo == | == Source Code Repo == | ||
− | + | [https://github.com/SpiderLabs/owasp-modsecurity-crs GitHub Project] | |
== News and Events == | == News and Events == | ||
− | + | We publish a monthly newsletter on the official website at [https://coreruleset.org/ https://coreruleset.org] | |
− | |||
− | |||
− | |||
− | |||
− | |||
==Classifications== | ==Classifications== | ||
Line 84: | Line 108: | ||
|} | |} | ||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
− | |||
__NOTOC__ <headertabs /> | __NOTOC__ <headertabs /> | ||
[[Category:OWASP Project]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:SAMM-EH-3]] | [[Category:OWASP Project]] [[Category:OWASP_Defenders]] [[Category:OWASP_Document]] [[Category:SAMM-EH-3]] |
Latest revision as of 00:15, 10 July 2018
Main
OWASP ModSecurity Core Rule Set (CRS)The 1st Line of Defense Against Web Application Attacks
Getting Started / TutorialsThe following tutorials will get you started with ModSecurity and the CRS v3.
These tutorials are part of a big series of Apache / ModSecurity guides published by netnea. They are written by Christian Folini. More Information about the rule set is available at the official website, https://coreruleset.org. LicensingOWASP ModSecurity CRS is free to use. It is licensed under the Apache Software License version 2 (ASLv2), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. Reporting Issues
Project Sponsors
|
WebsiteSocial ChannelsProject MembersProject Leaders: Contributors:
Quick DownloadSource Code RepoNews and EventsWe publish a monthly newsletter on the official website at https://coreruleset.org Classifications
Donate<paypal>ModSecurity Core Rule Set Project</paypal> |
Pages in category "OWASP ModSecurity Core Rule Set Project"
The following 16 pages are in this category, out of 16 total.
M
O
- OWASP ModSec CRS Paranoia Mode
- OWASP ModSec CRS Paranoia Mode Sibling 950001
- OWASP ModSec CRS Paranoia Mode Sibling 950907
- OWASP ModSec CRS Paranoia Mode Sibling 958977
- OWASP ModSec CRS Paranoia Mode Sibling 958980
- OWASP ModSec CRS Paranoia Mode Sibling 960901
- OWASP ModSec CRS Paranoia Mode Sibling 970003
- OWASP ModSec CRS Paranoia Mode Sibling 981049
- OWASP ModSec CRS Paranoia Mode Sibling 981172
- OWASP ModSec CRS Paranoia Mode Sibling 981173
- OWASP ModSecurity rule evaluation framework