Monthly Archive: January, 2014

Tags used by OWASP CRS ModSecurity rules

I couldn’t find a definitive list of the tags used by the OWASP CRS ModSecurity rules, so after a bit of faffing around, here’s what I’ve come up with for the “base” rules in OWASP CRS version 2.2.9 (current at the time of writing). I’ve tried to group them together as best I can: Web Attack: OWASP_CRS/WEB_ATTACK/XSS OWASP_CRS/WEB_ATTACK/DIR_TRAVERSAL OWASP_CRS/WEB_ATTACK/RFI OWASP_CRS/WEB_ATTACK/COMMAND_INJECTION...