OWASP ModSecurity Core Rule Set (CRS) v2.0.0 Released
(posted by Ryan C. Barnett)
Greetings everyone,
We have some big news/changes with regard to the Core Rule Set (CRS). Please follow the information here to make sure that you understand the changes moving forward.
The Core Rule Set is now an official OWASP Project! Here is the new project site -
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project.
http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project#tab=Download
The latest version of the CRS is v2.0.0 and there are significant changes. The most important ones are related to running in an anomaly scoring mode, which allows the rules to contribute to an overall anomaly score. This will allow users to set appropriate thresholds for their sites for logging/blocking. There are too many other changes to mention directly here, so please review the CHANGELOG file -
http://voxel.dl.sourceforge.net/project/mod-security/modsecurity-crs/0-CURRENT/CHANGELOG
While the new OWASP project site will mainly be used for documentation purposes, all CRS rule issues will be tracked by using our Jira app - https://www.modsecurity.org/tracker/. We want to track all bugs, false positives and false negatives (if there are any bypass evasion issues that you find), etc.
Ryan C. Barnett
WASC Distributed Open Proxy Honeypot Project Leader
OWASP ModSecurity Core Rule Set Project Leader
Tactical Web Application Security
http://tacticalwebappsec.blogspot.com/