Difference between revisions of "Projects/OWASP ModSecurity Core Rule Set Project"

From OWASP
Jump to: navigation, search
 
(12 intermediate revisions by 2 users not shown)
Line 8: Line 8:
 
Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.   
 
Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.   
  
| project_license = [http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU General Public License - Version 2.0]  
+
| project_license = [http://www.apache.org/licenses/LICENSE-2.0.txt Apache Software License v2 (ASLv2)]  
  
 
| leader_name1 = Ryan Barnett
 
| leader_name1 = Ryan Barnett
| leader_email1 = Ryan.Barnett@breach.com
+
| leader_email1 = Ryan.Barnett@owasp.org
 
| leader_username1 = Rcbarnett  
 
| leader_username1 = Rcbarnett  
  
| contributor_name1 = Brian Rectanus
+
| contributor_name1 = Breno Silva
 
| contributor_email1 =  
 
| contributor_email1 =  
| contributor_username1 = Brian_Rectanus
+
| contributor_username1 =  
  
 
| pamphlet_link =  
 
| pamphlet_link =  
  
| presentation_link = http://www.owasp.org/index.php/File:OWASP_ModSecurity_Core_Rule_Set.ppt
+
| presentation_link = http://www.owasp.org/images/b/b3/OWASP_ModSecurity_Core_Rule_Set.ppt
  
 
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
 
| mailing_list_name = https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
Line 40: Line 40:
  
 
| release_1 = ModSecurity 2.0.6
 
| release_1 = ModSecurity 2.0.6
| release_2 =
+
| release_2 = ModSecurity 2.0.10
| release_3 =
+
| release_3 = ModSecurity 2.0.12
| release_4 =
+
| release_4 = ModSecurity 2.1.2
 +
| release_5 =
 +
<!--- The line below is for GPC usage only. Please do not edit it --->
 +
| project_about_page = Projects/OWASP ModSecurity Core Rule Set Project
 
}}
 
}}

Latest revision as of 18:17, 26 May 2011

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP ModSecurity Core Rule Set Project (home page)
Purpose: ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the "Swiss Army Knife of web application firewalls." While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, we have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture.

Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.

License: Apache Software License v2 (ASLv2)
who is working on this project?
Project Leader(s):
Project Contributor(s):
  • Breno Silva
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
ModSecurity 2.2.8 - 06/30/2013 - (download)
Release description: == Version 2.2.8 - 06/30/2013 ==

Security Fixes:

Improvements:

  • Updatd the /util directory structure
  • Added scripts to check Rule ID duplicates
  • Added script to remove v2.7 actions so older ModSecurity rules will work
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/43
  • Added new PHP rule (958977) to detect PHP exploits (Plesk 0-day from king cope)
 - http://seclists.org/fulldisclosure/2013/Jun/21
 - http://blog.spiderlabs.com/2013/06/honeypot-alert-active-exploits-attempts-for-plesk-vulnerability-.html


Bug Fixes:

  • fix 950901 - word boundary added
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/48
  • fix regex error
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/pull/44
  • Updated the Regex in 981244 to include word boundaries
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/36
  • Problem with Regression Test (Invalid use of backslash) - Rule 960911 - Test2
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/34
  • ModSecurity: No action id present within the rule - ignore_static.conf
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/17
  • "Bad robots" rule blocks all Java applets on Windows XP machines
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/16
  • duplicated rules id 981173
 - https://github.com/SpiderLabs/owasp-modsecurity-crs/issues/18
Rating: Projects/OWASP ModSecurity Core Rule Set Project/GPC/Assessment/ModSecurity 2.2.8
last reviewed release
ModSecurity 2.0.6 - 2010-02-26 - (download)
Release description: ModSecurity is a web application firewall that can work either embedded or as a reverse proxy. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis.
Rating: Greenlight.pngGreenlight.pngGreenlight.png Stable Release - Assessment Details


other releases