[Owasp-modsecurity-core-rule-set] 404 Project Initiative

Ryan Barnett RBarnett at trustwave.com
Thu Dec 29 15:31:35 UTC 2011

Would anyone be willing to participate in a ModSecurity project similar to what SANS Internet Storm Center is doing here -

Project announcement - http://isc.sans.edu/diary.html?storyid=11272
Project Scripts - http://isc.sans.edu/tools/404project.html
Some stats - http://isc.sans.edu/diary.html?storyid=11323

The idea would be to use live ModSecurity installations as pseudo-sensors to collect scanning data for 404 errors by adding in a new custom SecRule that would trigger an exec script.  The benefit of this approach is that there is less likelihood of exposing sensitive data while still identifying automatic probes.

If you are interested in participating, please email me directly.

Ryan Barnett
ModSecurity Project Lead
Trustwave SpiderLabs Research Team

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

More information about the Owasp-modsecurity-core-rule-set mailing list