ModSecurity Handbook shipping soon!

It's been an adventurous journey, but we are nearing a major milestone: the official publication of our first book! We've just received a batch of ModSecurity Handbook paperbacks and we're enjoying them in all their glory. Two further batches are on their way to our warehouses (one in the US and one in the UK), from where they will be shipped to early adopters. (If you're one of the early adopters, you will soon get an email from us with more information.)
Our work is nowhere near the end, however, because now we need to focus on reaching out to the book's audience and informing them that the book exists.
If you haven't purchased the book yet, now would be a very good time: because the official publication date is the 15th, we'll be maintaining the pre-order discount for a little while longer. You only have about 4-5 days to take advantage of the 25% discount. Buy now!
Blogs ::
ivanristic
Related posts:
08-31-2010 23:16
Rcbarnett: Created page with ' - This is a template for submitting or documenting ModSecurity CRS rule/signature descriptions to the OWASP ModSecurity Core Rule Set (CRS) Project. - Project participants…'
- This is a template for submitting or documenting ModSecurity CRS rule/signature descriptions to
the OWASP ModSecurity Core Rule Set (CRS) Project.
- Project participants are encouraged to copy this template and create landing pages for each CRS rule
- Use this template and create a new page using the following format - http://www.owasp.org/index.php?title=ModSecurity_CRS_RuleID-XXXXX (where XXXXX is the CRS ruleID)
== Rule ID: XXXXX ==
=== Rule ===
Provide the entire rule/rule chain here
=== Rule Summary ===
Provide rule background. What is the rule looking for? What attack is it trying to identify or prevent?
=== Impact: Critical ===
This should be the Severity rating specified in the rule.
=== Detailed Information ===
Provide detailed information about the rule construction such as:
*Why the variable list specified was used
*A description of the regular expression used - what it is looking for in plain English
*What actions are used and why
=== Affected Software ===
If this attack only affects a specific piece of public software (if this is a virtual patch for a public disclosure) specify which info.
=== Attack Scenarios ===
Provide any data around "how" the attack is carried out.
=== Ease of Attack ===
How easy is it for an attacker to carry out the attack?
=== Ease of Detection ===
How easy is it for a defender to use ModSecurity to accurately detect this attack?
=== False Positives ===
If there are any known false positives - specify them here
=== False Negatives ===
Are there any known issues with evasions or how an attacker might bypass detection?
=== Corrective Action ===
Any tuning recommendations for the existing rule?
=== Contributors ===
Specify your name and email if you want credit for the rule or documentation of it.
=== Additional References ===
Provide any external reference links (e.g. - if this is a virtual patch for a known vuln link to the Bugtraq or CVE page).
08-27-2010 21:50
Greetings everyone,
I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8.
You can also use the util/rules-updater.pl script to auto-download the latest ZIP archive (see the rules-updater-example.conf file for Repo data).
TESTING -
We have integrated the new CRS into the Demo page to help facilitate
community testing -
http://www.modsecurity.org/demo/
CHANGES -
--------------------------
Version 2.0.8 - 08/27/2010
--------------------------
Improvements:
- Updated the PHPIDS filters
- Updated the SQL Injection filters to detect boolean attacks (1<2, foo ==
bar, etc.)
- Updated the SQL Injection filters to account for different quotes
- Added UTF-8 encoding validation support to the
modsecurity_crs_10_config.conf file
- Added Rule ID 950109 to detect multiple URL encodings
- Added two experimental rules to detect anomalous use of special characters
Bug Fixes:
- Fixed Encoding Detection RegEx (950107 and 950108)
- Fixed rules-updater.pl script to better handle whitespace
https://www.modsecurity.org/tracker/browse/MODSEC-167
- Fixed missing pass action bug in
modsecurity_crs_21_protocol_anomalies.conf
https://www.modsecurity.org/tracker/browse/CORERULES-55
- Fixed the anomaly scoring in the modsecurity_crs_41_phpids_filters.conf
file
https://www.modsecurity.org/tracker/browse/CORERULES-54
- Updated XSS rule id 958001 to improve the .cookie regex to reduce false
positives
https://www.modsecurity.org/tracker/browse/CORERULES-29