>I'd rather not focus on this particular tool, but create some system that would secure for example some specific kinds of websites.

Agreed, you should be applying your thoughts to the arena of "web application security," where mod_security is your method of implementing/testing/analyzing your particular focus.

>Are there any tools that help organising, applying mod security rules? Is it needed? What could make it more research-like? Any hints please?

The iterations of the CRS are a pain since they can change a bit with each release, but that is the nature of their maturity. They are hard to understand since they aren't documented in detail.

You know, the webgoat project (a kind of web app honey pot at http://www.owasp.org/index.php/Category:OWASP_WebGoat_Project and I seem to recall another one used by Google) being protected by mod_security would be an ideal way to document (and do unit testing on) the CRS. I don't know if that is how the CRS is tested and benchmarked?

I would have to say that the LUA scripting engine would also be an ideal place to insert your value or hypothesis with or without using the CRS since mod_security is an incredible auditing tool:

- test out new, hypothesized attacks and create an algorithmic or heuristic response to log/drop the attacks in LUA/custom rules/etc.
- attach mod_security to a Bayesian filter (http://en.wikipedia.org/wiki/Bayesian_filter) and apply email-like tactics to web traffic/attacks

Mark Lavi
Senior Web Producer
sgi
46600 Landing Parkway
Fremont, CA 94538
(510) 933-5234 direct
[email protected]
www.sgi.com

________________________________

From: Pawel Duda [mailto:[email protected]]
Sent: Friday, January 21, 2011 12:46 PM
To: [email protected]
Subject: [mod-security-users] mod_security - how to use for master thesis?

Hi,

I've been playing with mod_security for some time and I'd like somehow to use it in my master thesis. I don't know exactly how this work could be more interesting than describing what mod_security does, what kind of web attacks can be prevented using it, what are other functions of it (like analysing if the requests are really HTTP, analysing XML).

I'd rather not focus on this particular tool, but create some system that would secure for example some specific kinds of websites.

Are there any tools that help organising, applying mod security rules? Is it needed? What could make it more research-like? Any hints please?

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
[email protected]
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
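
The Bayesian-filter suggestion in the reply above, sketched as an added example that is not part of the original thread and not mod_security code: a naive Bayes scorer over request-line tokens, trained the way a mail filter is trained on spam and ham. The request lines, labels and the names RequestFilter and tokenize are constructed for illustration; taking the input from the mod_security audit log is an assumption.

```python
import math
import re
from collections import Counter
from urllib.parse import unquote_plus

# Constructed, hand-labelled request lines (not real traffic), standing in for
# entries pulled from the mod_security audit log.
TRAINING = [
    ("GET /index.php?page=about", "benign"),
    ("GET /search?q=red+shoes&sort=price", "benign"),
    ("POST /login user=alice&lang=en", "benign"),
    ("GET /product?id=42", "benign"),
    ("GET /product?id=1+union+select+password+from+users", "attack"),
    ("GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E", "attack"),
    ("POST /login user=admin'+or+'1'='1", "attack"),
    ("GET /index.php?page=../../etc/passwd", "attack"),
]

def tokenize(request_line):
    """URL-decode, lowercase, then split into words, numbers and punctuation."""
    text = unquote_plus(request_line).lower()
    return re.findall(r"[a-z_]+|\d+|\.\.|[^\sa-z0-9_]", text)

class RequestFilter:
    """Multinomial naive Bayes over request tokens, as in a mail spam filter."""
    def __init__(self, training=()):
        self.counts = {"benign": Counter(), "attack": Counter()}
        self.docs = Counter()
        for line, label in training:
            self.train(line, label)

    def train(self, request_line, label):
        self.counts[label].update(tokenize(request_line))
        self.docs[label] += 1

    def log_odds(self, request_line):
        """log P(attack | tokens) - log P(benign | tokens), Laplace-smoothed."""
        vocab = len(set(self.counts["benign"]) | set(self.counts["attack"]))
        total = {lbl: sum(c.values()) + vocab for lbl, c in self.counts.items()}
        score = math.log(self.docs["attack"] / self.docs["benign"])
        for tok in tokenize(request_line):
            p_attack = (self.counts["attack"][tok] + 1) / total["attack"]
            p_benign = (self.counts["benign"][tok] + 1) / total["benign"]
            score += math.log(p_attack / p_benign)
        return score

    def classify(self, request_line):
        return "attack" if self.log_odds(request_line) > 0 else "benign"
```

With so small a corpus, tokens never seen in training pull the score toward the class with fewer training tokens (here benign), so the labelled set has to grow from reviewed log entries before the score is used for a log/drop decision.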
