Category:OWASP ModSecurity Core Rule Set Project

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP ModSecurity Core Rule Set (CRS)
The OWASP ModSecurity CRS Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application.

Introduction
The OWASP ModSecurity CRS is a set of web application defense rules for the open source, cross-platform ModSecurity Web Application Firewall (WAF).

Description
The OWASP ModSecurity CRS provides protections if the following attack/threat categories:
 * HTTP Protection - detecting violations of the HTTP protocol and a locally defined usage policy.
 * Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation
 * HTTP Denial of Service Protections - defense against HTTP Flooding and Slow HTTP DoS Attacks.
 * Common Web Attacks Protection - detecting common web application security attack.
 * Automation Detection - Detecting bots, crawlers, scanners and other surface malicious activity.
 * Integration with AV Scanning for File Uploads - detects malicious files uploaded through the web application.
 * Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
 * Trojan Protection - Detecting access to Trojans horses.
 * Identification of Application Defects - alerts on application misconfigurations.
 * Error Detection and Hiding - Disguising error messages sent by the server.

Licensing
OWASP ModSecurity CRS is free to use. It is licensed under the Apache Software License version 2 (ASLv2), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

What is OWASP ModSecurity CRS?
OWASP ModSecurity CRS provides:


 * Baseline protection for common web application attacks.

Presentation

 * OWASP ModSecurity CRS Preso - PPT
 * OWASP ModSecurity CRS Preso - Video

Project Leader
Project Leader:
 * Ryan Barnett

Contributors:
 * Josh Zlatin
 * Roberto Salgado
 * Ashar Javed (@soaj1664ashar)

Related Projects

 * [OWASP Securing WebGoat using ModSecurity Project]
 * [OWASP AppSensor Project]
 * [OWASP Blacklist Regex Repository]


 * valign="top" style="padding-left:25px;width:200px;" |

Quick Download

 * Latest CRS (TAR/GZ)
 * Latest CRS (ZIP)

Source Code Repo

 * OWASP ModSecurity CRS on GitHub

Mailing List

 * OWASP CRS Mail-list

Donate
ModSecurity Core Rule Set Project


 * }

=FAQs=


 * Q1
 * A1


 * Q2
 * A2

= Acknowledgements =

Volunteers
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:


 * xxx
 * xxx

Others

 * xxx
 * xxx

= Road Map and Getting Involved = As of XXX, the priorities are:
 * xxx
 * xxx
 * xxx

Involvement in the development and promotion of XXX is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
 * xxx
 * xxx

=Project About= }