Saturday, August 28, 2010

OWASP ModSecurity CRS v2.0.8

Greetings everyone,
I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8.

Download page -
You can also use the util/ script to auto-download the latest ZIP archive (see the rules-updater-example.conf file for Repo data).

We have integrated the new CRS into the Demo page to help facilitate community testing -

Version 2.0.8 - 08/27/2010

- Updated the PHPIDS filters
- Updated the SQL Injection filters to detect boolean attacks (1<2, foo == bar, etc.)
- Updated the SQL Injection filters to account for different quotes
- Added UTF-8 encoding validation support to the modsecurity_crs_10_config.conf file
- Added Rule ID 950109 to detect multiple URL encodings
- Added two experimental rules to detect anomalous use of special characters

Bug Fixes:
- Fixed Encoding Detection RegEx (950107 and 950108)
- Fixed script to better handle whitespace
- Fixed missing pass action bug in modsecurity_crs_21_protocol_anomalies.conf
- Fixed the anomaly scoring in the modsecurity_crs_41_phpids_filters.conf file
- Updated XSS rule id 958001 to improve the .cookie regex to reduce false positives
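As an added illustration of the kind of check the "multiple URL encodings" item (rule 950109) refers to, here is a small detector that counts how many URL-decoding passes a parameter value needs and flags anything needing more than one. This is example code written for this post, not the CRS rule itself; the sample parameter values are constructed.

```python
import re
from urllib.parse import unquote

# Constructed sample parameter values (not taken from the CRS or this post).
SAMPLES = {
    "plain": "id=42",
    "single": "q=hello%20world",
    "double": "q=%253Cscript%253E",  # %25 -> '%', then %3C -> '<'
    "triple": "q=%25253C",
}

# A percent sign followed by two hex digits is a candidate encoded byte.
PCT = re.compile(r"%[0-9A-Fa-f]{2}")


def encoding_depth(value: str, limit: int = 5) -> int:
    """Return how many decoding passes change the value, capped at `limit`.

    A value with no %XX sequences has depth 0; a normally encoded value has
    depth 1; anything above 1 was percent-encoded more than once.
    """
    depth = 0
    current = value
    while depth < limit and PCT.search(current):
        decoded = unquote(current)
        if decoded == current:  # nothing left to decode
            break
        depth += 1
        current = decoded
    return depth


def is_multi_encoded(value: str) -> bool:
    """True when the value needs more than one decoding pass."""
    return encoding_depth(value) > 1


def flag_multi_encoded(params: dict) -> list:
    """Return the names of parameters whose values are encoded more than once."""
    return sorted(name for name, value in params.items() if is_multi_encoded(value))


if __name__ == "__main__":
    for name, value in SAMPLES.items():
        print(f"{name:7s} depth={encoding_depth(value)} flagged={is_multi_encoded(value)}")
```

A parameter that legitimately carries a full URL (a redirect target, for instance) will also decode twice, so a check like this is best treated as one anomaly signal rather than a blocking rule on its own.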

Ryan Barnett
OWASP ModSecurity Core Rule Set Project Leader
