Hello everyone, This email will most likely come as very welcomed news to most of you. We have just released a ruleset to the OWASP CRS that implements a basic framework for real-time application profiling - http://blog.spiderlabs.com/2011/02/modsecurity-advanced-topic-of-the-week-real-time-application-profiling.html
This initial version of the rules has the ability to profile and enforce the following on a per-resource basis: * Request Method(s) * Number of Parameters * Parameter Names * Parameter Length Ranges * Parameter Types - numeric or alpha Please test out this ruleset and provide feedback on the OWASP CRS mail-list. Cheers, Ryan ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
