Breach Security has announced two new ModSecurity Rules developments, the ModSecurity Core Rule Set (CRS) and the commercial Enhanced Rule Set (ERS).
Breach Security said that the CRS is now an official OWASP project that facilitates community collaboration. The ERS has been enhanced to address attack vectors such as cross-site request forgery (CSRF), remote file inclusion (RFI) and HTTP parameter pollution.
The company said that ModSecurity is a web application firewall engine that requires rules to operate effectively. The Core Rule Set is based on generic rules that provide protection from unknown vulnerabilities found in web applications.
Reportedly, the open source CRS is provided free to the public to enable community collaboration, such as rules documentation, information regarding identification and handling of false positives, workarounds and recommendations for new rules.
The company has also released version 2.0 of the CRS with enhancements such as Snort web attack signatures, collaborative rules, anomaly scoring, and exception handling.
In addition, the company offers the new ERS version as a commercial package, which includes the features of the CRS as well as cross-site request forgery protection, session hijacking protection, identification of improper output encoding, an anti-automation rule set, password strength validation, and audit logins.