Update README.md

Felipe Zimmerle 2018-04-26 15:25:26 -03:00 committed by GitHub
parent 4c1add089c
commit daeca8a9ce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -1,31 +1,31 @@
# **** Draft **** # **** Draft ****
### What is ModSecurity? ## What is ModSecurity?
ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. ModSecurity is the most widely deployed WAF in existence. ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx that is developed by Trustwave's SpiderLabs. It has a robust event-based programming language which provides protection from a range of attacks against web applications and allows for HTTP traffic monitoring, logging and real-time analysis. ModSecurity is the most widely deployed WAF in existence.
#### What can ModSecurity do? ### What can ModSecurity do?
The freedom to choose what to do is an essential part of ModSecurity's identity and goes very well with its open source nature. With full access to the source code, your freedom to choose extends to the ability to customize and extend the tool itself to make it fit your needs. It's not a matter of ideology, but of practicality. List of scenarios where ModSecurity play an important hole: The freedom to choose what to do is an essential part of ModSecurity's identity and goes very well with its open source nature. With full access to the source code, your freedom to choose extends to the ability to customize and extend the tool itself to make it fit your needs. It's not a matter of ideology, but of practicality. List of scenarios where ModSecurity play an important hole:
##### Real-time application security monitoring and access control #### Real-time application security monitoring and access control
At its core, ModSecurity gives you access to the HTTP traffic stream, in real-time, along with the ability to inspect it. This is enough for real-time security monitoring. There's an added dimension of what's possible through ModSecurity's persistent storage mechanism, which enables you to track system elements over time and perform event correlation. You are able to reliably block, if you so wish, because ModSecurity uses full request and response buffering. At its core, ModSecurity gives you access to the HTTP traffic stream, in real-time, along with the ability to inspect it. This is enough for real-time security monitoring. There's an added dimension of what's possible through ModSecurity's persistent storage mechanism, which enables you to track system elements over time and perform event correlation. You are able to reliably block, if you so wish, because ModSecurity uses full request and response buffering.
##### Full HTTP traffic logging #### Full HTTP traffic logging
Web servers traditionally do very little when it comes to logging for security purposes. They log very little by default, and even with a lot of tweaking you are not able to get everything that you need. ModSecurity gives you that ability to log anything you need, including raw transaction data, which is essential for forensics. In addition, you get to choose which transactions are logged, which parts of a transaction are logged, and which parts are sanitized. Web servers traditionally do very little when it comes to logging for security purposes. They log very little by default, and even with a lot of tweaking you are not able to get everything that you need. ModSecurity gives you that ability to log anything you need, including raw transaction data, which is essential for forensics. In addition, you get to choose which transactions are logged, which parts of a transaction are logged, and which parts are sanitized.
##### Continuous passive security assessment #### Continuous passive security assessment
Security assessment is largely seen as an active scheduled event, in which an independent team is sourced to try to perform a simulated attack. Continuous passive security assessment is a variation of real-time monitoring, where, instead of focusing on the behavior of the external parties, you focus on the behavior of the system itself. It's an early warning system of sorts that can detect traces of many abnormalities and security weaknesses before they are exploited. Security assessment is largely seen as an active scheduled event, in which an independent team is sourced to try to perform a simulated attack. Continuous passive security assessment is a variation of real-time monitoring, where, instead of focusing on the behavior of the external parties, you focus on the behavior of the system itself. It's an early warning system of sorts that can detect traces of many abnormalities and security weaknesses before they are exploited.
##### Web application hardening #### Web application hardening
Attack surface reduction, in which you selectively narrow down the HTTP features you are willing to accept (e.g., request methods, request headers, content types, etc.). ModSecurity can assist you in enforcing many similar restrictions, either directly, or through collaboration with other web server modules. They all fall under web application hardening. For example, it is possible to fix many session management issues, as well as cross-site request forgery vulnerabilities. Attack surface reduction, in which you selectively narrow down the HTTP features you are willing to accept (e.g., request methods, request headers, content types, etc.). ModSecurity can assist you in enforcing many similar restrictions, either directly, or through collaboration with other web server modules. They all fall under web application hardening. For example, it is possible to fix many session management issues, as well as cross-site request forgery vulnerabilities.
##### Something small, yet very important to you #### Something small, yet very important to you
Real life often throws unusual demands to us, and that is when the flexibility of ModSecurity comes in handy where you need it the most. It may be a security need, but it may also be something completely different. For example, some people use ModSecurity as an XML web service router, combining its ability to parse XML and apply XPath expressions with its ability to proxy requests. Real life often throws unusual demands to us, and that is when the flexibility of ModSecurity comes in handy where you need it the most. It may be a security need, but it may also be something completely different. For example, some people use ModSecurity as an XML web service router, combining its ability to parse XML and apply XPath expressions with its ability to proxy requests.
#### What is the difference between ModSecurity version 3.x.x and v2.x.x? ### What is the difference between ModSecurity version 3.x.x and v2.x.x?
In version v3... In version v3...
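Review bot: The heading demotion (`###` to `##`, `####` to `###`, `#####` to `####`) is applied consistently through this hunk, but the `# **** Draft ****` line is kept as the document's only H1, so the rendered page still leads with a draft banner above "What is ModSecurity?"; either drop that line or promote "What is ModSecurity?" to `#` if the README is meant to read as final. While touching the "What can ModSecurity do?" section, the context line "List of scenarios where ModSecurity play an important hole:" should read "plays an important role:", and "In version v3..." is still an unfinished placeholder sentence under the new "What is the difference between ModSecurity version 3.x.x and v2.x.x?" heading.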
@ -38,23 +38,23 @@ LibModSecurity is a complete rewrite of the ModSecurity. When it was first devis
As a result of this goal we have rearchitechted ModSecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). Additionally, we have taken this opprotunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to nativly support auditlogs in the JSON format, along with a host of other functionality in future versions. As a result of this goal we have rearchitechted ModSecurity such that it is no longer dependent on the Apache web server (both at compilation and during runtime). Additionally, we have taken this opprotunity to lay the groundwork for some new features that users have been long seeking. For example we are looking to nativly support auditlogs in the JSON format, along with a host of other functionality in future versions.
### Documentation ## Documentation
The project documentation can be found in our GitHub wiki: The project documentation can be found in our GitHub wiki:
- [Main GitHub page](https://github.com/SpiderLabs/ModSecurity/wiki/) - [Main GitHub page](https://github.com/SpiderLabs/ModSecurity/wiki/)
- [Reference Manual for version 2.9](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29) - [Reference Manual for version 2.9](https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual-%28v2.x%29)
### Contributing ## Contributing
Contributions of all natures are more than welcomed. If you are willing to send us code, please check the GitHub instructions on how to create a pull request: Contributions of all natures are more than welcomed. If you are willing to send us code, please check the GitHub instructions on how to create a pull request:
- [GitHub documentation on how to create a pull request](https://help.github.com/articles/creating-a-pull-request/) - [GitHub documentation on how to create a pull request](https://help.github.com/articles/creating-a-pull-request/)
### Rules ## Rules
#### Commercial Rules from Trustwave SpiderLabs ### Commercial Rules from Trustwave SpiderLabs
The ModSecurity Rules from Trustwave SpiderLabs are based on intelligence gathered from real-world investigations, penetration tests and research. The rules package is updated daily by the SpiderLabs Research Team to ensure that customers receive critical updates in a timely manner. The ModSecurity Rules from Trustwave SpiderLabs are based on intelligence gathered from real-world investigations, penetration tests and research. The rules package is updated daily by the SpiderLabs Research Team to ensure that customers receive critical updates in a timely manner.
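Review bot: The "Documentation" and "Contributing" sections are only re-levelled here, but the surrounding context carries spelling errors that a README rewrite should pick up in the same pass: "rearchitechted" (rearchitected), "opprotunity" (opportunity), "nativly" (natively), "auditlogs" (audit logs), and "more than welcomed" (more than welcome). Also, the link text "Reference Manual for version 2.9" points at a page labelled "v2.x"; since the paragraph above describes v3 as a complete rewrite, consider naming the link "Reference Manual for version 2.x" and adding a pointer for the v3 documentation if one exists, or say explicitly that none does yet.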
@ -70,7 +70,7 @@ Here is a quick listing of security coverage:
Get to know more about [Commercial Rules from Trustwave SpiderLabs](https://ssl.trustwave.com/web-application-firewall) Get to know more about [Commercial Rules from Trustwave SpiderLabs](https://ssl.trustwave.com/web-application-firewall)
#### OWASP ModSecurity Core Rule Set (CRS) Version 3 ### OWASP ModSecurity Core Rule Set (CRS) Version 3
The OWASP ModSecurity CRS Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application. The OWASP ModSecurity CRS Project's goal is to provide an easily "pluggable" set of generic attack detection rules that provide a base level of protection for any web application.
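Review bot: The commercial rules section ends with a "Get to know more about ..." link, but the sibling "OWASP ModSecurity Core Rule Set (CRS) Version 3" section, now at the same `###` level, has no link to the CRS project; for parity, add the project's URL after the CRS description so readers can reach the free rule set as easily as the commercial one.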
@ -83,10 +83,10 @@ Our latest 3.0 version provides protections if the following attack/threat categ
- Error Detection and Hiding - Error Detection and Hiding
### Need help? ## Need help?
#### Commercial Services from Trustwave ### Commercial Services from Trustwave
Trustwave offers a number of commercial offerings and services to support the ModSecurity community including: Trustwave offers a number of commercial offerings and services to support the ModSecurity community including:
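Review bot: The hunk header's context line "Our latest 3.0 version provides protections if the following attack/threat categ..." has "if" where "in" (or "against") is intended; that sentence introduces the bullet list ending in "Error Detection and Hiding" and should be corrected alongside the heading change to "Need help?" / "Commercial Services from Trustwave".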
@ -97,7 +97,7 @@ Trustwave offers a number of commercial offerings and services to support the Mo
- ModSecurity Training - The SpiderLabs Research ModSecurity Team teaches students how to defend web applications with ModSecurity including hands-on lab activities and is available online or onsite in one, two or three-day seminars. - ModSecurity Training - The SpiderLabs Research ModSecurity Team teaches students how to defend web applications with ModSecurity including hands-on lab activities and is available online or onsite in one, two or three-day seminars.
#### Community Support ### Community Support
[Create a new issue](https://github.com/SpiderLabs/ModSecurity/issues/new) on our GitHub Project. [Create a new issue](https://github.com/SpiderLabs/ModSecurity/issues/new) on our GitHub Project.
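Review bot: The "ModSecurity Training" bullet is a single run-on sentence; split it so the training format is readable, e.g. "ModSecurity Training - The SpiderLabs Research ModSecurity Team teaches students how to defend web applications with ModSecurity, including hands-on lab activities. Courses are available online or onsite as one, two or three-day seminars." The "Community Support" section below it only links to issue creation; if the project also uses a mailing list or chat channel, that is the place to list it.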