Les deux révisions précédentesRévision précédenteProchaine révision | Révision précédente |
glossaire:crs [16/08/2010 14:35] – cyrille | glossaire:crs [06/05/2023 23:53] (Version actuelle) – [Core Rule Set (OWASP)] cyrille |
---|
====== CRS ====== | ====== CRS ====== |
| |
===== Core Rule Set ===== | ===== Core Rule Set (OWASP) ===== |
| |
Grâce au Core Rule Set (CRS), vous profitez d'emblée d'une pré-configuration optimale de votre Mod Security qui vous prémunit contre les attaques les plus courantes : | Grâce au OWASP Core Rule Set (CRS), vous profitez d'emblée d'une pré-configuration optimale de votre Mod Security qui vous prémunit contre les attaques les plus courantes : |
| |
* Trojan, | * Trojan, |
* injection de type SQL ou XSS, | * injection de type SQL ou XSS, |
* etc. | * etc. |
* | # Attack Detection: |
| |
| * Malicious client software detection |
| * Generic Attack Detection |
| * SQL injection and Blind SQL injection. |
| * Cross Site Scripting (XSS). |
| * OS Command Injection and remote command access. |
| * File name injection. |
| * ColdFusion, PHP and ASP injection. |
| * E-Mail Injection |
| * HTTP Response Splitting. |
| * Universal PDF XSS. |
| * Trojans & Backdoors Detection |
| * Error Detection |
| * XML Protection |
| * Search Engine Monitoring |
ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the "Swiss Army Knife of web application firewalls." While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, [[/glossaire/OWASP|we (OWASP)]] have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture. | ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the "Swiss Army Knife of web application firewalls." While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, [[/glossaire/OWASP|we (OWASP)]] have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture. |
| |
| |
* [[http://www.modsecurity.org|www.modsecurity.org]] | * [[http://www.modsecurity.org|www.modsecurity.org]] |
| * https://coreruleset.org/ |
* [[http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]] | * [[http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project|OWASP ModSecurity Core Rule Set Project]] |
| |