[Owasp-modsecurity-core-rule-set] OWASP ModSecurity Core Rule Set Community Summit: July 4, 2018, in London

Hiranmayi Palanki Hiranmayi.Palanki at aexp.com
Tue Mar 20 14:19:50 UTC 2018


Hello Christian and team,

Having recently tried out ModSecurity, it appears that lower paranoia levels (Basic, PL1, PL2, PL3) are not fully blocking all flavors of XSS and SQL injection.

Encoded XSS attacks are bypassing the CRS rules. Example below:
http://localhost:8082/xss2?uid=%3Balert%281%29%3B

Similarly for SQLi, the below pattern is getting through.

http://localhost:8082/sqli2?uid=3-2

When the Paranoia Level is set to PL4, the encoded XSS attack is blocked; however, it crashes the application. With PL4, the SQLi attack reported by the vulnerability scanner above is still not blocked.

Is it possible to selectively add custom rules (for encoded XSS attacks) to the basic level or other lower levels that do not adversely impact the application?

Thanks.

From: owasp-modsecurity-core-rule-set-bounces+hiranmayi.palanki=aexp.com at lists.owasp.org [mailto:owasp-modsecurity-core-rule-set-bounces+hiranmayi.palanki=aexp.com at lists.owasp.org] On Behalf Of Christian Folini
Sent: Tuesday, March 20, 2018 2:57 AM
To: owasp-modsecurity-core-rule-set at lists.owasp.org; mod-security-users at lists.sourceforge.net
Subject: [Owasp-modsecurity-core-rule-set] OWASP ModSecurity Core Rule Set Community Summit: July 4, 2018, in London

Hi there,

Please save the date of our first Community Summit: July 4, 2018, at 4pm
in London.

https://coreruleset.org/20180320/save-the-date-crs-community-summit-on-july-4-2018/

This is meant to be a get-together of the community. We want to learn about
you and how you use CRS in your setups - and we want to talk with you about
the road map for the project and various feature requests.

The date is the night before AppSecEU. So you can join this get-together on
Wednesday and then attend AppSec EU on Thursday / Friday.

Please do consider joining us when Chaim, Walter and I meet for the first
time face to face. :)

Best,

Christian


--
https://www.feistyduck.com/training/modsecurity-training-course
https://www.feistyduck.com/books/modsecurity-handbook/
mailto:christian.folini at netnea.com
twitter: @ChrFolini
_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set


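One way to do what the question at the top of this message asks (custom checks for the uid parameter that apply at PL1 without touching the rest of the application), as an added example that is not from this thread or from the CRS project. It assumes a CRS 3.x setup where local rules are included before the CRS rule files (CRS ships REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf for that purpose); the parameter name uid comes from the post, while the rule ids, the messages and the assumption that uid is meant to be an integer are mine.

```apache
# Added example; not code from the thread or the CRS project.
# Rules that live outside the CRS files are not gated by tx.paranoia_level,
# so they run at PL1 as well. Include this file before the CRS rules, e.g.
# from REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf. ModSecurity reserves
# rule ids 1-99999 for local rules; 10001 and 10002 are arbitrary picks.

# 1) Negative (signature) rule, scoped to the single parameter ARGS:uid so no
#    other parameter of the application is affected. ARGS is URL-decoded by
#    the engine, so %3Balert%281%29%3B is seen as ;alert(1); here;
#    t:urlDecodeUni additionally unwraps a second layer of encoding and
#    t:lowercase makes the pattern case-insensitive.
SecRule ARGS:uid "@rx (?:^|[;\s'\"])(?:alert|prompt|confirm)\s*\(" \
    "id:10001,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    msg:'Local rule: script function call in uid',\
    tag:'local/xss',\
    t:none,t:urlDecodeUni,t:lowercase"

# 2) Positive (allow-list) rule, assumption: uid is expected to be an integer.
#    Rejecting anything else also covers the 3-2 sample from the post, which
#    signature rules struggle with because it is ordinary arithmetic, and it
#    still leaves every other parameter alone.
SecRule ARGS:uid "!@rx ^[0-9]{1,10}$" \
    "id:10002,\
    phase:2,\
    deny,\
    status:403,\
    log,\
    msg:'Local rule: uid is not an integer',\
    tag:'local/input-validation',\
    t:none"
```

Because both rules use deny rather than the CRS anomaly-score variables, they behave the same on every CRS 3.x release; check the audit log for the rule id after deploying to confirm the parameter scope is what you intended.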

