OWASP ModSecurity Core Rule Set sandbox launched to help security researchers test new CVEs

Security researchers can now test payloads against the OWASP ModSecurity Core Rule Set with a new sandbox released by the project maintainers. The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. A sandbox API was created following “regular” conversations with security researchers about how they can use the CRS. The code behind the CRS sandbox was inspired by a meeting with PortSwigger’s James Kettle and Gareth Hayes at AppSec Amsterdam in 2019.

The sandbox, which is free to use, is hosted on AWS and collects logs, though the IP addresses will be anonymized. Plans for future features include the ability to create a users’ ‘hall of fame’ and share information on payloads with others.

OWASP ModSecurity Core Rule Set sandbox launched to help security researchers test new CVEs

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

OWASP ModSecurity Core Rule Set sandbox launched to help security researchers test new CVEs

9-Dec-21

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address