Channels ▼
RSS

Security

Breach Security Launches Open-Source Project



Breach Security has announced a new release of its ModSecurity plug-in and the open sourcing of its associated Core Rules Set (CRS). ModSecurity is an Apache web server plug-in with extensive logging and auditing capabilities that lets you track all inbound and outbound traffic for your web application. Logging, and its associated amount of detail, can be turned on or off at runtime as needed, and can be triggered by certain conditions (such as suspected attacks) according to rules you create. When breaches are detected, request blocking can be turned on automatically to prevent further attack. ModSecurity lets you define these conditions. The output of the web site traffic auditing is designed to help you refine existing rule sets, or build new ones, to make your application more secure.

I recently spoke with Ryan Barnett, Director of Application Security Research at Breach Security, who told me more about ModSecurity. The rules that power ModSecurity are written in an event-based scripting language that's easy to extend and enhance. Barnett said that Breach Security believes that better security audit data leads to better attack detection and blocking. With this in mind, Breach Security has released the Core Rule Set as open-source under the GPL V2 license as part of the OWASP ModSecurity Core Rule Set Project. The goal is to leverage the community to improve and extend the CRS more quickly, benefiting the community as a whole.

OWASP, short for the "Open Web Application Secruity Project is a worldwide community of professionals focused on software security. More information on CRS at OWASP.org is available here. The available free CRS scripts, written in a language similar to SNORT, are estimated to be about 80% of what most organizations need to be secure. The remaining 20% comes from modifying the existing scripts and developing new ones specific to the application you're securing. Along with the CRS, Breach Security has added detailed documentation on how each rule works, and how to change them.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video