Projects

ModSecurity for Apache Native implementation of the web application firewall, working as an Apache module. Both major Apache branches are supported. ModSecurity Core Rule Set (CRS) A collection of rules designed to detect common web application attacks, which turns ModSecurity into a Web Intrusion Detection tool. The ModSecurity Core Rules project is now an OWASP project and discussions have moved from the mod-security-users mailing list to the new owasp-modsecurity-core-rule-set mailing list. ModSecurity Demo The ModSecurity Demo is a joint effort between the ModSecurity and PHPIDS project teams to allow users to test ModSecurity and PHPIDS. Any data is sent to a ModSecurity install for inspection by the CRS and then it will be proxied to the PHPIDS page for normal inspection and processing. The response body will then be inspected to confirm if there are any evasion issues between the CRS and PHPIDS. ModSecurity Console ModSecurity Console is a network-based console designed to collect logs and alerts from remote ModSecurity sensors in real-time, providing security analysts with the support they need to keep their web systems secure. ModProfiler ModProfiler uses transaction logs to analyse traffic and create application models, which it can then export to ModSecurity rules that use a positive security model. Related External Projects GotRoot Rules for ModSecurity GootRoot maintains a large collection of rules for ModSecurity 1.9.x and 2.x. jwall.org Christian Bockermann wrote a number of very interesting tools, several of which are ModSecurity related: a Java library that reads ModSecurity's audit log format, a GUI application that displays contents of an audit log stream, a rule visualisation tool, and WebApplicationProfiler, which takes audit logs and builds positive security profiles out of them (with an option to export profiles to ModSecurity rules). Modsec2sguil Modsec2sguil is a Perl script that feeds ModSecurity audit logs to Sguil. Ouadjet Ouadjet uses ModSecurity audit logs to create positive-security policies and export them as ModSecurity rules. It currently works with ModSecurity 1.9.x. REMO REMO is a project to build a graphical rule editor for ModSecurity with a positive/whitelist approach. ScallyWhack ScallyWhack is a ModSecurity-based solution to block spam posted to Trac-driven websites. It's a lightweight, fast and flexible tool which recognizes and defeats all currently known methods to spam Trac. WeBekci WeBekci is a web based ModSecurity 2.x management tool. WeBekci is written in PHP, Its backend is powered by MySQL and the frontend by XAJAX framework. It is an OWASP project.