[Owasp-peru] Fwd: [Owasp-leaders] Announcing Release of OWASP ModSecurity Core Rule Set (CRS) v2.0.8

John Vargas johnvargas at gmail.com
Fri Aug 27 16:00:36 EDT 2010


Gentlemen,

The new version of the OWASP ModSecurity CRS is now available; here is
the email sent by the project leader.

Regards



---------- Forwarded message ----------
From: Ryan Barnett <ryan.barnett at owasp.org>
Date: Fri, Aug 27, 2010 at 2:38 PM
Subject: [Owasp-leaders] Announcing Release of OWASP ModSecurity Core Rule
Set (CRS) v2.0.8
To: "owasp-modsecurity-core-rule-set at lists.owasp.org" <
owasp-modsecurity-core-rule-set at lists.owasp.org>, "
mod-security-users at lists.sourceforge.net" <
mod-security-users at lists.sourceforge.net>
Cc: "owasp-leaders at lists.owasp.org" <owasp-leaders at lists.owasp.org>


 Greetings everyone,
I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8.

DOWNLOADING -
Download page -
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Download
You can also use the util/rules-updater.pl script to auto-download the
latest ZIP archive (see the rules-updater-example.conf file for Repo data).

TESTING -
We have integrated the new CRS into the Demo page to help facilitate
community testing -
http://www.modsecurity.org/demo/

CHANGES -
--------------------------
Version 2.0.8 - 08/27/2010
--------------------------

Improvements:
- Updated the PHPIDS filters
- Updated the SQL Injection filters to detect boolean attacks (1<2, foo ==
bar, etc.)
- Updated the SQL Injection filters to account for different quotes
- Added UTF-8 encoding validation support to the
modsecurity_crs_10_config.conf file
- Added Rule ID 950109 to detect multiple URL encodings
- Added two experimental rules to detect anomalous use of special characters

Bug Fixes:
- Fixed Encoding Detection RegEx (950107 and 950108)
- Fixed rules-updater.pl script to better handle whitespace
  https://www.modsecurity.org/tracker/browse/MODSEC-167
- Fixed missing pass action bug in
modsecurity_crs_21_protocol_anomalies.conf
  https://www.modsecurity.org/tracker/browse/CORERULES-55
- Fixed the anomaly scoring in the modsecurity_crs_41_phpids_filters.conf
file
  https://www.modsecurity.org/tracker/browse/CORERULES-54
- Updated XSS rule id 958001 to improve the .cookie regex to reduce false
positives
  https://www.modsecurity.org/tracker/browse/CORERULES-29


--
Ryan Barnett
OWASP ModSecurity Core Rule Set Project Leader

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders




-- 
---------------------------------------------------------------
John Vargas P.  - LRU # 357244
Security Consultant - OWASP Perú Chapter Leader
Visit: http://www.owasp.org/index.php/Peru

