[Owasp-modsecurity-core-rule-set] Check for User-agent field missing in CRS
micheleroviello at gmail.com
Wed Jul 15 11:46:54 UTC 2015
I have done some tests on XSS attacks with ModSecurity and the base rules
for XSS attack from the CRS.
I have found that this set of rules doesn't check for an XSS attack vector
in the User-agent field of the HTTP message.
Is this true or am I missing something?
Thank you for your consideration,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Owasp-modsecurity-core-rule-set