Has anyone had a chance to try out the new profiling rules? I am interested to hear feedback.
-Ryan On 2/17/11 4:52 PM, "Ryan Barnett" <[email protected]> wrote: >Hello everyone, >I am pleased to announce the release of the OWASP ModSecurity Core Rule >Set (CRS) v2.1.2. This is a significant update as we have added a couple >very important capabilities. > >CHANGE LOG - >-------------------------- >Version 2.1.2 - 02/17/2011 >-------------------------- > >Improvements: >- Added experimental real-time application profiling ruleset. >- Added experimental Lua script for profiling the # of page scripts, >iframes, etc.. > which will help to identify successful XSS attacks and planting of >malware links. >- Added new CSRF detection rule which will trigger if a subsequent >request comes too > quickly (need to use the Ignore Static Content rules). > >Bug Fixes: >- Added missing " in the skipAfter SecAction in the CC Detection rule set > >-------------------------- >DOWNLOADING >-------------------------- >Manual Downloading: >You can always download the latest CRS version here - >https://sourceforge.net/projects/mod-security/files/modsecurity-crs/0-CURR >ENT/ > >Automated Downloading: >Use the rules-updater.pl script in the CRS /util directory > ># Get a list of what the repository contains: >$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ >-l > >Repository: http://www.modsecurity.org/autoupdate/repository > >modsecurity-crs { > 2.0.0: modsecurity-crs_2.0.0.zip > 2.0.1: modsecurity-crs_2.0.1.zip > 2.0.2: modsecurity-crs_2.0.2.zip > 2.0.3: modsecurity-crs_2.0.3.zip > 2.0.4: modsecurity-crs_2.0.4.zip > 2.0.5: modsecurity-crs_2.0.5.zip > 2.0.6: modsecurity-crs_2.0.6.zip > 2.0.7: modsecurity-crs_2.0.7.zip > 2.0.8: modsecurity-crs_2.0.8.zip > 2.0.9: modsecurity-crs_2.0.9.zip > 2.0.9: modsecurity-crs_2.0.10.zip > 2.1.0: modsecurity-crs_2.1.0.zip > 2.1.1: modsecurity-crs_2.1.1.zip > 2.1.2: modsecurity-crs_2.1.2.zip >} > ># Get the latest stable version of "modsecurity-crs": >$ ./rules-updater.pl -rhttp://www.modsecurity.org/autoupdate/repository/ >-prules -Smodsecurity-crs >Fetching: modsecurity-crs/modsecurity-crs_2.1.2.zip ... >$ ls -R rules >modsecurity-crs > >rules/modsecurity-crs: >modsecurity-crs_2.1.2.zip modsecurity-crs_2.1.2.zip.sig > >-- >Ryan Barnett >Senior Security Researcher >Trustwave - SpiderLabs > >________________________________ >This transmission may contain information that is privileged, >confidential, and/or exempt from disclosure under applicable law. If you >are not the intended recipient, you are hereby notified that any >disclosure, copying, distribution, or use of the information contained >herein (including any reliance thereon) is STRICTLY PROHIBITED. If you >received this transmission in error, please immediately contact the >sender and destroy the material in its entirety, whether in electronic or >hard copy format. > > >-------------------------------------------------------------------------- >---- >The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: >Pinpoint memory and threading errors before they happen. >Find and fix more than 250 security defects in the development cycle. >Locate bottlenecks in serial and parallel code that limit performance. >http://p.sf.net/sfu/intel-dev2devfeb >_______________________________________________ >mod-security-users mailing list >[email protected] >https://lists.sourceforge.net/lists/listinfo/mod-security-users >Commercial ModSecurity Appliances, Rule Sets and Support: >http://www.modsecurity.org/breach/index.html > _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
