The OWASP CRS Sampling Mode
Running ModSecurity CRS for the first time on an existing service is like a jump into murky water.
With the sampling mode you can run CRS on a limited percentage of the traffic, which reduces that risk a great deal.
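The mechanism behind sampling mode, modelled in Python as an added example (this is not code from the original post or from the CRS project): CRS 3 exposes the setting as the tx.sampling_percentage variable in crs-setup.conf, and its rules derive a stable number from each request's unique ID so that a request is either fully inspected or fully bypassed. The example reproduces that idea with a SHA-1 of the ID; the digit-extraction details of the real CRS rules are not copied here, and the request IDs and the percentage value are constructed for the demonstration.

```python
import hashlib

# Constructed value for the demonstration: what a deployment might set via
# tx.sampling_percentage in crs-setup.conf. 10 means one request in ten is
# evaluated by CRS; 100 switches sampling off (everything is inspected).
SAMPLING_PERCENTAGE = 10


def sample_value(unique_id: str) -> int:
    """Map a request's unique ID to a stable integer in the range 0..99.

    The first two decimal digits of the hex SHA-1 digest are used. Each hex
    position is a decimal digit with equal probability for every digit, so
    the result is spread evenly over 0..99, and the same ID always gives the
    same number, which keeps the decision consistent for the whole request.
    """
    digest = hashlib.sha1(unique_id.encode("utf-8")).hexdigest()
    digits = [c for c in digest if c.isdigit()]
    if len(digits) < 2:  # practically never happens with 40 hex characters
        return int(digest[-2:], 16) % 100
    return int(digits[0] + digits[1])


def in_sample(unique_id: str, percentage: int) -> bool:
    """True if CRS should inspect this request under the given percentage."""
    if not 0 <= percentage <= 100:
        raise ValueError("sampling percentage must be between 0 and 100")
    if percentage == 100:  # sampling disabled: inspect every request
        return True
    return sample_value(unique_id) < percentage


def decision(unique_id: str, percentage: int = SAMPLING_PERCENTAGE) -> str:
    """What happens to the request. 'bypass' corresponds to ModSecurity
    switching its rule engine off for this request (the ctl:ruleEngine=Off
    action); 'inspect' means the CRS rules run and the anomaly score is
    evaluated as usual."""
    if in_sample(unique_id, percentage):
        return "inspect"
    return "bypass"


def observed_rate(n_requests: int, percentage: int) -> float:
    """Share of n constructed request IDs that land inside the sample.

    Useful as a sanity check that the configured percentage is roughly what
    the service will see in practice."""
    hits = sum(
        in_sample(f"constructed-request-{i}", percentage)
        for i in range(n_requests)
    )
    return hits / n_requests


if __name__ == "__main__":
    # Constructed request IDs; in ModSecurity the UNIQUE_ID variable plays
    # this role.
    for uid in ("constructed-request-1", "constructed-request-2",
                "constructed-request-3", "constructed-request-4"):
        print(f"{uid}: value={sample_value(uid):2d} -> {decision(uid)}")
    print(f"observed rate at {SAMPLING_PERCENTAGE}%: "
          f"{observed_rate(10000, SAMPLING_PERCENTAGE):.3f}")
```

Two practical caveats follow from the model. The decision is per request, not per client, so a user will hit CRS on some requests and not on others; that is what you want for a rollout, because it spreads the exposure evenly, but it also means the requests outside the sample are completely uninspected. Sampling is therefore a tool for the first weeks of tuning, after which the percentage should be raised towards 100.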
The phasing out of legacy encryption protocols like TLS 1.0 or the family of CBC encryption ciphers is a recurring necessity. This has been going on for many years. And it will only be a few years until TLS 1.2 should be retired in favor of its successor TLS 1.3. When disabling one of the […]
This is a blog post about a new script that executes a request in order to trigger an arbitrary Core Rule Set anomaly score. The OWASP ModSecurity Core Rule Set (CRS for short) is a scoring rule set: individual rules work together to assess an incoming request and assign it an anomaly score. An administrator […]
Having installed the latest Nextcloud on my server, I added ModSecurity and CRS 3 on the Apache instance. After some tuning and the configuration of GeoIP with the help of our very own Christian Folini, I watched the logs fly by for a few hours and noticed scan.nextcloud.com accessing my /status.php. By going to this /status.php […]
Let’s assume Dave Wichers and the OWASP Top 10 project resist all the pressure and the 2017 edition of the OWASP Top 10 includes the new A7 “Insufficient Attack Protection”. Lately the discussion has turned more constructive, so maybe that prospect is not all that unrealistic. But honestly, I cannot tell if A7 will […]