[Owasp-modsecurity-core-rule-set] Announcing the ModSecurity/Core Rule Set Demo Testing Page

Ryan Barnett Ryan.Barnett at breach.com
Wed Nov 11 12:40:51 EST 2009

Please excuse the cross-posting, but we have some very exciting news to announce.  We have *finally* released our ModSecurity/Core Rule Set demonstration testing page - http://www.modsecurity.org/demo/

This page allows clients to send attack data to a ModSecurity/CRS installation on the www.modsecurity.org site where it will be first inspected by the CRS for attack payloads, it will then be proxied to the outstanding PHPIDS smoketest demo page here - http://demo.php-ids.org/.  The return traffic will then be inspected to see if any evasion issues exist and the user will be presented with results of all rules matches.

We are very excited about this demo page is it will cerntainly help to facilitate more community involvement with security testing of our rules.  Any errors, evasions, etc... can either be reported back here on the OWASP CRS mail-list and/or to the JIRA bug tracker system - https://www.modsecurity.org/tracker/browse/CORERULES

Have fun :)

-Breach Security Labs (Ryan Barnett and Brian Rectanus)

More information about the Owasp-modsecurity-core-rule-set mailing list