Fantastic! Josh, are you making it to the AppSecUSA for the SUMMIT or the Conference activities Nov 18-21st?
http://www.appsecusa.org

On Thu, Oct 10, 2013 at 3:53 PM, Josh Amishav-Zlatin <jam...@owasp.org> wrote:
> On Thu, Oct 10, 2013 at 10:01 PM, Aaron Bedra <aaron.be...@gmail.com> wrote:
>>
>> Thanks Josh!
>>
>> I implemented it into the backend of my Repsheet project
>>
>> https://github.com/repsheet/backend/blob/master/src/ofdp.c
>>
>
> That's great! Since my initial announcement I've added C&C malware IPs
> (specifically Zeus and Spyeye) as well as significantly increased the number
> of open proxies tracked. Let me know if I can be of any help.
>
> Thanks,
>
> --
> - Josh
>
>>
>> On Mon, Sep 30, 2013 at 7:49 AM, Josh Amishav-Zlatin <jam...@owasp.org>
>> wrote:
>>>
>>> After years of running WAFs using the Core Rule Set I wanted a way to
>>> detect known malicious users before they get a chance to send their
>>> attack payloads. Normally, when an attacker sends their payload, the
>>> contents of the request are checked via ModSecurity using the Core Rule
>>> Set (CRS). The CRS is essentially a large black list which means that
>>> the payload either matches or passes. There is no middle ground.
>>> Attackers normally perform reconnaissance before they attack which may
>>> or may not contain malicious payloads. Ideally we want to stop known
>>> malicious attackers as early as possible, i.e. via an IP reputation
>>> background check, and not wait for them to send their attack.
>>>
>>> As a result, I started on the Open Fraud Detection Project (OFDEP) which
>>> aims at providing a free community supported API that ModSecurity can
>>> query to receive a score indicating the odds that a given user /
>>> transaction is bad. The WAF can then make a decision on how to proceed
>>> based on the score. At the moment the API is Beta quality and supports
>>> IP, email address and username lookups. Query results are currently
>>> returned in XML but JSON will be supported shortly.
>>>
>>> The most common use cases that I tried to cover are:
>>>
>>> o IP reputation
>>> o comment spam
>>> o account creation fraud
>>>
>>> For specific API details see: http://wafsec.com/api.html
>>>
>>> --
>>> - Josh
>>>
>>> _______________________________________________
>>> mod-security-users mailing list
>>> mod-security-us...@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/mod-security-users
>>> Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
>>> http://www.modsecurity.org/projects/commercial/rules/
>>> http://www.modsecurity.org/projects/commercial/support/
>>>

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
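
The score-based gating described in the quoted announcement, as an added example that is not part of this thread or of the OFDEP or Repsheet code: it treats the XML score response as untrusted input and picks an action before payload inspection. The XML element names, the 0-100 scale, the thresholds and `fake_lookup` are assumptions; the real response format is documented at the API URL given in the announcement.

```python
import time
import xml.etree.ElementTree as ET

MAX_BODY = 4096                  # assumption: a score response is small
BLOCK_AT, CHALLENGE_AT = 80, 50  # assumed thresholds on an assumed 0-100 scale

def parse_score(body):
    """Return the score as an int in 0..100, or None if the response is unusable."""
    # The response is untrusted input: cap its size and refuse DTDs/entities.
    if len(body) > MAX_BODY or b"<!DOCTYPE" in body or b"<!ENTITY" in body:
        return None
    try:
        score = int(ET.fromstring(body).find("score").text.strip())
    except (ET.ParseError, AttributeError, ValueError):
        return None
    return score if 0 <= score <= 100 else None

class ReputationGate:
    """Decide per client IP before payload inspection, caching results for ttl seconds."""
    def __init__(self, lookup, ttl=300, clock=time.monotonic):
        self.lookup, self.ttl, self.clock = lookup, ttl, clock
        self.cache = {}  # ip -> (expiry, action)

    def decide(self, ip):
        hit = self.cache.get(ip)
        if hit and hit[0] > self.clock():
            return hit[1]
        try:
            score = parse_score(self.lookup(ip))
        except OSError:          # lookup service unreachable or timed out
            score = None
        if score is None:
            return "inspect"     # fail open to normal CRS inspection; not cached
        action = ("block" if score >= BLOCK_AT
                  else "challenge" if score >= CHALLENGE_AT else "inspect")
        self.cache[ip] = (self.clock() + self.ttl, action)
        return action

# Constructed responses; the element names are assumptions, not the real schema.
SAMPLE = {
    "203.0.113.7": b"<result><ip>203.0.113.7</ip><score>92</score></result>",
    "198.51.100.4": b"<result><ip>198.51.100.4</ip><score>55</score></result>",
    "192.0.2.10": b"<result><ip>192.0.2.10</ip><score>3</score></result>",
    "192.0.2.99": b"<!DOCTYPE x [<!ENTITY a 'b'>]><result><score>0</score></result>",
}

def fake_lookup(ip):  # hypothetical stand-in for the HTTP query to the API
    return SAMPLE[ip]
```

An unusable or missing response falls through to normal CRS inspection rather than blocking, so an outage of the reputation service cannot take the site down, and that outcome is not cached.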