Would anyone be willing to participate in a ModSecurity project similar to what SANS Internet Storm Center is doing here -
Project announcement - http://isc.sans.edu/diary.html?storyid=11272 Project Scripts - http://isc.sans.edu/tools/404project.html Some stats - http://isc.sans.edu/diary.html?storyid=11323 The idea would be to use live ModSecurity installations as pseudo-sensors to collect scanning data for 404 errors by adding in a new custom SecRule that would trigger an exec script. The benefit of this approach is that there is less likelihood of exposing sensitive data while still identifying automatic probes. If you are interested in participating, please email me directly. Thanks, Ryan Barnett ModSecurity Project Lead Trustwave SpiderLabs Research Team ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
