[Owasp-modsecurity-core-rule-set] [mod-security-users] Announcing Release of OWASP ModSecurity CRS v2.1.2

Ryan Barnett RBarnett at trustwave.com
Wed Mar 2 08:26:06 EST 2011


Has anyone had a chance to try out the new profiling rules?  I am
interested to hear feedback.

-Ryan



On 2/17/11 4:52 PM, "Ryan Barnett" <RBarnett at trustwave.com> wrote:

>Hello everyone,
>I am pleased to announce the release of the OWASP ModSecurity Core Rule
>Set (CRS) v2.1.2.  This is a significant update as we have added a couple
>very important capabilities.
>
>CHANGE LOG -
>--------------------------
>Version 2.1.2 - 02/17/2011
>--------------------------
>
>Improvements:
>- Added experimental real-time application profiling ruleset.
>- Added experimental Lua script for profiling the # of page scripts,
>iframes, etc..
>  which will help to identify successful XSS attacks and planting of
>malware links.
>- Added new CSRF detection rule which will trigger if a subsequent
>request comes too
>  quickly (need to use the Ignore Static Content rules).
>
>Bug Fixes:
>- Added missing " in the skipAfter SecAction in the CC Detection rule set
>
>--------------------------
>DOWNLOADING
>--------------------------
>Manual Downloading:
>You can always download the latest CRS version here -
>https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURR
>ENT/
>
>Automated Downloading:
>Use the rules-updater.pl script in the CRS /util directory
>
># Get a list of what the repository contains:
>$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/
>-l
>
>Repository: http://www.modsecurity.org/autoupdate/repository
>
>modsecurity-crs {
>          2.0.0: modsecurity-crs_2.0.0.zip
>          2.0.1: modsecurity-crs_2.0.1.zip
>          2.0.2: modsecurity-crs_2.0.2.zip
>          2.0.3: modsecurity-crs_2.0.3.zip
>          2.0.4: modsecurity-crs_2.0.4.zip
>          2.0.5: modsecurity-crs_2.0.5.zip
>          2.0.6: modsecurity-crs_2.0.6.zip
>          2.0.7: modsecurity-crs_2.0.7.zip
>          2.0.8: modsecurity-crs_2.0.8.zip
>          2.0.9: modsecurity-crs_2.0.9.zip
>          2.0.9: modsecurity-crs_2.0.10.zip
>          2.1.0: modsecurity-crs_2.1.0.zip
>          2.1.1: modsecurity-crs_2.1.1.zip
>          2.1.2: modsecurity-crs_2.1.2.zip
>}
>
># Get the latest stable version of "modsecurity-crs":
>$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/
>-prules -Smodsecurity-crs
>Fetching: modsecurity-crs/modsecurity-crs_2.1.2.zip ...
>$ ls -R rules
>modsecurity-crs
>
>rules/modsecurity-crs:
>modsecurity-crs_2.1.2.zip    modsecurity-crs_2.1.2.zip.sig
>
>--
>Ryan Barnett
>Senior Security Researcher
>Trustwave - SpiderLabs
>
>________________________________
>This transmission may contain information that is privileged,
>confidential, and/or exempt from disclosure under applicable law. If you
>are not the intended recipient, you are hereby notified that any
>disclosure, copying, distribution, or use of the information contained
>herein (including any reliance thereon) is STRICTLY PROHIBITED. If you
>received this transmission in error, please immediately contact the
>sender and destroy the material in its entirety, whether in electronic or
>hard copy format.
>
>
>--------------------------------------------------------------------------
>----
>The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
>Pinpoint memory and threading errors before they happen.
>Find and fix more than 250 security defects in the development cycle.
>Locate bottlenecks in serial and parallel code that limit performance.
>http://p.sf.net/sfu/intel-dev2devfeb
>_______________________________________________
>mod-security-users mailing list
>mod-security-users at lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/mod-security-users
>Commercial ModSecurity Appliances, Rule Sets and Support:
>http://www.modsecurity.org/breach/index.html
>




More information about the Owasp-modsecurity-core-rule-set mailing list