What is OWASP?

OWASP ModSecurity Core Rule Set (CRS)

The OWASP ModSecurity CRS Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application.

Introduction

The OWASP ModSecurity CRS is a set of web application defense rules for the open source, cross-platform ModSecurity Web Application Firewall (WAF).

Description

The OWASP ModSecurity CRS provides protections in the following attack/threat categories:

  • HTTP Protection - detecting violations of the HTTP protocol and a locally defined usage policy.
  • Real-time Blacklist Lookups - utilizes 3rd Party IP Reputation
  • HTTP Denial of Service Protections - defense against HTTP Flooding and Slow HTTP DoS Attacks.
  • Common Web Attacks Protection - detecting common web application security attacks.
  • Automation Detection - Detecting bots, crawlers, scanners and other surface malicious activity.
  • Integration with AV Scanning for File Uploads - detects malicious files uploaded through the web application.
  • Tracking Sensitive Data - Tracks Credit Card usage and blocks leakages.
  • Trojan Protection - Detecting access to Trojans horses.
  • Identification of Application Defects - alerts on application misconfigurations.
  • Error Detection and Hiding - Disguising error messages sent by the server.

For more information, visit their website at https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
  • what is, mod security, owasp, pre-sales, support
  • 0 Users Found This Useful
Was this answer helpful?

Related Articles

Do you allow adult related websites?

Yes we allow you to host adult related websites on our network. However, we do not allow the...

Can I send out Unsolicited Commercial Email (SPAM)?

NO. We have a very strong stance against the use of UCE to promote your site or product. Any site...

Can I cancel at anytime?

You are free to cancel at anytime. If you cancel within 30 days the full amount you paid, minus...

Do you automatically disconnect someone for exceeding their bandwidth limit?

Before you reach your allotted bandwidth limit emails will be sent to you. We will allow your...

Can I get a dedicated IP address?

Every account gets a dedicated/static IPv4 address free of charge. An IPv6 address is also...