Table des matières
CRS
Core Rule Set (OWASP)
Grâce au OWASP Core Rule Set (CRS), vous profitez d'emblée d'une pré-configuration optimale de votre Mod Security qui vous prémunit contre les attaques les plus courantes :
- Trojan,
- Injections d'emails,
- Faille des fichiers PDF,
- Injection de fichiers sur votre hébergement,
- injection de type SQL ou XSS,
- etc.
# Attack Detection:
- Malicious client software detection
- Generic Attack Detection
- SQL injection and Blind SQL injection.
- Cross Site Scripting (XSS).
- OS Command Injection and remote command access.
- File name injection.
- ColdFusion, PHP and ASP injection.
- E-Mail Injection
- HTTP Response Splitting.
- Universal PDF XSS.
- Trojans & Backdoors Detection
- Error Detection
- XML Protection
- Search Engine Monitoring
ModSecurity is an Apache web server module that provides a web application firewall engine. The ModSecurity Rules Language engine is extrememly flexible and robust and has been referred to as the “Swiss Army Knife of web application firewalls.” While this is certainly true, it doesn't do much implicitly on its own and requires rules to tell it what to do. In order to enable users to take full advantage of ModSecurity out of the box, we (OWASP) have developed the Core Rule Set (CRS) which provides critical protections against attacks across most every web architecture.
Unlike intrusion detection and prevention systems, which rely on signatures specific to known vulnerabilities, the CRS is based on generic rules which focus on attack payload identification in order to provide protection from zero day and unknown vulnerabilities often found in web applications, which are in most cases custom coded.
Compagnies Républicaines de Sécurité
Les CRS, créées en 1944 et réorganisées en 1948, forment un corps formé aux techniques anti-émeutes suite à la dissolution des Groupes mobiles de réserve (GMR) créés par le régime de Vichy.