[Owasp-leaders] Announcing Real-time Application Profiling with ModSecurity

Ryan Barnett ryan.barnett at owasp.org
Thu Feb 17 13:39:51 EST 2011


Hello leaders,
I wanted to send out this note to the group as I have just added an
important new capability to the OWASP ModSecurity Core Rule Set (CRS)
Project - real-time application profiling.  I worked on this a bit while at
the Global Summit last week.  I was inspired after the AppSensor dynamic
working session to try and get this capability added to the project.  What
is great is that now we map more CRS items directly to AppSensor detection
points!

This initial version of the rules has the ability to profile and enforce the
following on a per-resource basis:
* Request Method(s)
* Number of Parameters
* Parameter Names
* Parameter Length Ranges
* Parameter Types - numeric or alpha
One of my main goals for this effort was to help reduce the attack surface
of SQLi attacks that exploit numeric parameter fields.  The auto-generated
input validation for numeric fields will help to prevent successful
exploitation.

Here is my blog post on this new release -
http://blog.spiderlabs.com/2011/02/modsecurity-advanced-topic-of-the-week-real-time-application-profiling.html

Cheers,
Ryan
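The learn-then-enforce approach the announcement describes, as an added Python model that is not CRS or ModSecurity code: the real rules keep per-resource state in ModSecurity persistent collections, whereas here a plain dict stands in for that, and the known-good sample traffic is constructed.

```python
from urllib.parse import parse_qsl, urlsplit

# Constructed sample of known-good traffic for the learning phase
LEARN = [("GET", "/app/item?id=17&sort=name"), ("GET", "/app/item?id=3&sort=date"),
         ("POST", "/app/login?user=alice&token=abc123")]

def param_type(value):
    # The same coarse classes the announcement lists: numeric or alpha; else "other"
    return "numeric" if value.isdigit() else "alpha" if value.isalpha() else "other"

def split_request(url):
    parts = urlsplit(url)  # resource = path; parameters = decoded (name, value) pairs
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)

def learn(profiles, requests):
    # Learning phase: record methods, parameter counts, names, lengths and types per resource
    for method, url in requests:
        path, params = split_request(url)
        prof = profiles.setdefault(path, {"methods": set(), "counts": set(), "params": {}})
        prof["methods"].add(method)
        prof["counts"].add(len(params))
        for name, value in params:
            p = prof["params"].setdefault(name, {"lens": set(), "types": set()})
            p["lens"].add(len(value))
            p["types"].add(param_type(value))
    return profiles

def check(profiles, method, url):
    # Enforcement phase: list every way the request departs from the learned profile
    path, params = split_request(url)
    prof = profiles.get(path)
    if prof is None:
        return ["unknown resource"]
    out, counts = [], prof["counts"]
    if method not in prof["methods"]:
        out.append(f"method {method} not seen")
    if not min(counts) <= len(params) <= max(counts):
        out.append(f"param count {len(params)} outside {min(counts)}-{max(counts)}")
    for name, value in params:
        p = prof["params"].get(name)
        if p is None:
            out.append(f"unknown param {name}")
            continue
        if not min(p["lens"]) <= len(value) <= max(p["lens"]):
            out.append(f"{name} length {len(value)} outside {min(p['lens'])}-{max(p['lens'])}")
        if param_type(value) not in p["types"]:
            out.append(f"{name} type {param_type(value)} not in {sorted(p['types'])}")
    return out

PROFILES = learn({}, LEARN)  # profile built from the constructed sample above
```

A numeric `id` that arrives carrying anything other than digits fails both the length range and the type class learned for it, which is the auto-generated validation the note credits with shrinking the SQLi surface on numeric fields.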

