Friday, July 31, 2009

OWASP ModSecurity CoreRule Set (CRS) v2.0.0 Released

(posted by Ryan C. Barnett)

Greetings everyone,

We have some big news/changes with regards to the Core Rule Set (CRS). Please follow the information here to make sure that you understand the changes moving forward.

1) New Home for CRS
The Core Rule Set is now an official OWASP Project! Here is the new project site -

This is the new home of the CRS. The main goal of moving the CRS to OWASP is to better facilitate documentation and development of the rules. As you know, the OWASP pages are wiki-based so you all can go in there and help to document them :) I will add some example template pages soon to help get the ball rolling however my thinking is that we should emulate what Snort Sigs DB used to do and document the goal of each group of rules, what are they looking for, how are they looking for it and any false positive/exception fixes, etc...

Here is the new Download link page -

2) Changes to the CRS
The latest version of the CRS is v2.0.0 and there are significant changes. The most important ones are related to running in an anomaly scoring mode which allows the rules to collaborate to an overall anomaly score. This will allow users to set appropriate thresholds for their sites for logging/blocking. There are too many other changes to mention directly here so please review the CHANGELOG file - security/modsecurity-crs/0-CURRENT/CHANGELOG

3) Rule Update Tracking for the CRS
While the new OWASP project site will mainly be used for documentation purposes, all CRS rule issues will be tracked by using our Jira app - We want to track all bugs, false positives and false negatives (if there are any bypass evasion issues that you find), etc...

We are very excited about this new momentum for the CRS and we look forward to a more collaborative exchange with the community!

Ryan C. Barnett
WASC Distributed Open Proxy Honeypot Project Leader
OWASP ModSecurity Core Rule Set Project Leader
Tactical Web Application Security

No comments: