[mod-security-users] DAST/SAST integration with ModSecurity
From: Kyle R. O. <ky...@st...> - 2021-02-24 13:39:54

Hi,

Is anyone aware of any attempts to integrate ModSecurity with either a SAST or DAST? I figured it would be more common, but I've only seen DAST integration mentioned in a couple of Ryan Barnett's articles from 2012:

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/modsecurity-advanced-topic-of-the-week-automated-virtual-patching-using-owasp-zed-attack-proxy/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/dynamic-dastwaf-integration-realtime-virtual-patching/

They mention a couple of Perl scripts, which I was able to find here:

https://github.com/coreruleset/coreruleset/tree/v3.4/dev/util/virtual-patching

I'm also quite curious about how these scripts came about and how effective they are (I'm currently testing out the ZAP one).

Thanks,
Kyle