Owasp Modsecurity Core Rule Set Project presented at OWASP Appsec 2009

by Ryan C. Barnett (Breach Security),

Tags: Security Web Application Security

URL : http://www.owasp.org/index.php/OWASP_ModSecurity_Core_Rule_Set_Project

Summary : The ModSecurity Core Rule Set (CRS) is a free, generic set of web application firewall rules that provide valuable protection against web attacks. In 2009, the CRS was made into an official OWASP project (http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project) to help facilitate the development of the rules. This presentation will provide an overview of the CRS version 2.0 functionality, how it works and all of the new features including - - Snort web attack signatures Includes a large rule set of converted Emerging Threats? Snort web attack signatures and Breach Security Labs will continue to periodically release new signatures. - Collaborative rules Now operates in a collaborative fashion where all CRS rules can set transactional variables to specify what rule matched, the location of the match and what payload data matched. - Anomaly scoring Each rule now contributes to the overall anomaly score and users can choose what threshold is appropriate for their site. - Easier exception handling Users are now able to add in their own local exceptions to override the CRS checks without needing to edit the rules themselves.