This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "GPC Project Details/OWASP ModSecurity Core Rule Set Project"

From OWASP
Jump to: navigation, search
(Created page with '{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude> | project_name = OWASP ModSecurity Core Rule Set Project | project_descriptio…')
 
 
(26 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
 
{{Template:<includeonly>{{{1}}}</includeonly><noinclude>OWASP Project Identification Tab</noinclude>
 
| project_name = OWASP ModSecurity Core Rule Set Project
 
| project_name = OWASP ModSecurity Core Rule Set Project
| project_description = ModSecurity is an Apache web server module that provides a web application firewall engine.  
+
| project_description = [http://www.modsecurity.org/ ModSecurity] is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the "Swiss Army Knife of web application firewalls." While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, we have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture.
| project_license =
+
 
| leader_name =  
+
Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded. 
| leader_email =  
+
| project_license = [http://www.apache.org/licenses/LICENSE-2.0 Apache Software License - Version 2.0]
| leader_username =  
+
| leader_name = Ryan Barnett
| maintainer_name =  
+
| leader_email = [email protected]
| maintainer_email =  
+
| leader_username = Rcbarnett
| maintainer_username =   
+
| past_leaders_special_contributions =  
| contributor_name1 =  
+
| maintainer_name = Ryan Barnett
 +
| maintainer_email = [email protected]
 +
| maintainer_username =  Rcbarnett
 +
| contributor_name1 = Brian Rectanus
 
| contributor_email1 =  
 
| contributor_email1 =  
| contributor_username1 =   
+
| contributor_username1 = Brectanus  
 
| contributor_name2 =  
 
| contributor_name2 =  
 
| contributor_email2 =  
 
| contributor_email2 =  
Line 40: Line 43:
 
| contributor_username10 =   
 
| contributor_username10 =   
 
| pamphlet_link =  
 
| pamphlet_link =  
| presentation_link =
+
| presentation_link = http://www.owasp.org/index.php/File:OWASP_ModSecurity_Core_Rule_Set.ppt
| mailing_list_name =
+
| mailing_list_name = owasp-modsecurity-core-rule-set
| links_url1 =  
+
 
| links_name1 =  
+
| links_url1 = https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/
| links_url2 =  
+
| links_name1 = ModSecurity on SourceForge
| links_name2 =  
+
| links_url2 = https://www.modsecurity.org/tracker/browse/CORERULES
| links_url3 =  
+
| links_name2 = Bug Tracker
| links_name3 =  
+
| links_url3 = http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Installation
| links_url4 =  
+
| links_name3 = Installation
| links_name4 =  
+
| links_url4 = http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Documentation
| links_url5 =  
+
| links_name4 = Documentation
| links_name5 =  
+
| links_url5 = http://www.owasp.org/index.php/File:OWASP_ModSecurity_Core_Rule_Set.ppt
| links_url6 =  
+
| links_name5 = PPT Presentation
| links_name6 =  
+
| links_url6 = https://www.owasp.org/images/0/07/OWASP6thAppSec_ModSecurityCoreRuleSet_OferShezaf.pdf
 +
| links_name6 = PDF Withepaper
 
| links_url7 =  
 
| links_url7 =  
 
| links_name7 =  
 
| links_name7 =  
Line 62: Line 66:
 
| links_url10 =  
 
| links_url10 =  
 
| links_name10 =  
 
| links_name10 =  
| project_road_map = :Category:OWASP XXXXXX Project - Roadmap
+
| project_road_map = :Category:OWASP ModSecurity Core Rule Set Project - Roadmap
 
| project_health_status =  
 
| project_health_status =  
| current_release_name = First Release
+
| current_release_name = ModSecurity 2.2.5
| current_release_date =  
+
| current_release_date = 2012-06-14
| current_release_download_link =  
+
| current_release_download_link = http://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURRENT/modsecurity-crs_2.2.5.tar.gz/download
 
| current_release_rating =  
 
| current_release_rating =  
| current_release_leader_name =  
+
| current_release_leader_name = Ryan Barnett
| current_release_leader_email =  
+
| current_release_leader_email = [email protected]
| current_release_leader_username =  
+
| current_release_leader_username = Rcbarnett
| current_release_details = :Category:OWASP XXXXX Project - First Release
+
| current_release_details = :OWASP ModSecurity Core Rule Set Project - ModSecurity 2.2.5
 
| last_reviewed_release_name =  
 
| last_reviewed_release_name =  
 
| last_reviewed_release_date =  
 
| last_reviewed_release_date =  
Line 94: Line 98:
 
| old_release_date5 =  
 
| old_release_date5 =  
 
| old_release_download_link5 =  
 
| old_release_download_link5 =  
 +
| last_GPC_update = 21/03/2010
 +
| GPC_Notes = Assessed in 27/08/2010. Stable Quality.
 
| project_home_page = Category:OWASP_ModSecurity_Core_Rule_Set_Project  
 
| project_home_page = Category:OWASP_ModSecurity_Core_Rule_Set_Project  
 
| project_details_wiki_page = GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project
 
| project_details_wiki_page = GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project
 
}}
 
}}

Latest revision as of 17:05, 7 September 2012

PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What does this OWASP project release offer you?
what is this project?
OWASP ModSecurity Core Rule Set Project

Purpose: ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the "Swiss Army Knife of web application firewalls." While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, we have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture.

Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.

License: Apache Software License - Version 2.0

who is working on this project?
Project Leader: Ryan Barnett @

Project Maintainer: Ryan Barnett @

Project Contributor(s):

how can you learn more?
Project Pamphlet: N/A

3x slide Project Presentation: View

Mailing list: Subscribe or read the archives

Project Roadmap: To view, click here

Main links:

Project Health: Yellow button.JPG Not Reviewed (Provisional)
To be reviewed under Assessment Criteria v2.0

Key Contacts
  • Contact Ryan Barnett @ to contribute, review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
ModSecurity 2.2.5 - 2012-06-14 - (download)

Release Leader: Ryan Barnett @

Release details: Main links, release roadmap and assessment

Rating: Yellow button.JPG Not Reviewed
To be reviewed under Assessment Criteria v2.0


Retrieved from "https://wiki.owasp.org/index.php?title=GPC_Project_Details/OWASP_ModSecurity_Core_Rule_Set_Project&oldid=135469"