This directory contains the files for Core ModSecurity Rule Set ( CRS ). The rules are compatible with ModSecurity 2.5 ( as of version 1.4.3 ). ModSecurity™is an open source, free web application firewall ( WAF ) Apache module. With over 70% of all attacks now carried out over the web application level, organizations need all the help they can get in making their systems secure. It provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring and real-time analysis with little or no changes to existing infrastructure. Web servers are typically well-equipped to log traffic in a form useful for marketing analyses, but fall short logging traffic to web applications. In particular, most are not capable of logging the request bodies. Your adversaries know this, and that is why most attacks are now carried out via POST requests, rendering your systems blind. ModSecurity makes full HTTP transaction logging possible, allowing complete requests and responses to be logged. In addition to providing logging facilities, ModSecurity can monitor the HTTP traffic in real time in order to detect attacks. In this case, ModSecurity operates as a web intrusion detection tool, allowing you to react to suspicious events that take place at your web systems. ModSecurity™ is a web application firewall engine that provides very little protection on its own. In order to become useful, ModSecurity™ must be configured with rules. In order to enable users to take full advantage of ModSecurity™ out of the box, Trustwave's SpiderLabs is providing a free certified rule set for ModSecurity™ 2.x. The Core Rules provide generic protection from unknown vulnerabilities often found in web applications, which are in most cases custom coded. In order to provide generic web applications protection, the Core Rules use the following techniques: HTTP Protection - detecting violations of the HTTP protocol and a locally defined usage policy; Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation; Web-based Malware Detection - identifies malicious web content by check against the Google Safe Browsing API; HTTP Denial of Service Protections - defense against HTTP Flooding and Slow HTTP DoS Attacks; Common Web Attacks Protection - detecting common web application security attack; Automation Detection - Detecting bots, crawlers, scanners and other surface malicious activity; Integration with AV Scanning for File Uploads - detects malicious files uploaded through the web application; Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages; Trojan Protection - Detecting access to Trojans horses; Identification of Application Defects - alerts on application misconfigurations; Error Detection and Hiding - Disguising error messages sent by the server. Core Rule Set ( CRS ) Project is a Open Web Application Security Project ( OWASP ) project.

>> Continue >>