[mod-security-users] Rules database
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
[mod-security-users] Rules database
|
From: Roman Medina-H. H. <ro...@rs...> - 2005-04-04 11:34:49
|
Hi, I'm interested in protecting webapps in a "generic way" (more or less :-)), which means that if I choose to install a PHP-Nuke portal and a new SQL injection bug in that portal is disclosed, it will not be exploitable (the code would still be buggy until patching, but that's unavoidable). Of course, the idea is to catch the more kind of bugs being possible (not only SQL injection, but directory traversal, remote PHP script injection, shell injection, etc). I visited: http://www.modsecurity.org/db/rules/ But I got a bit disappointed when I saw only 4 rules :-(. The db seems to be discontinued... ? I'm wondering whether: 1) There are other "repositories" for mod-security rules, or 2) Some of you, security-specialists, would be kind enough to share the rules you have, ideas, etc. Other repositories (not direcly related to Mod-security but perhaps easily "convertible" to; for instance, rules from other IPS devices) may also be interesting. Hope hearing from you, guys :-) Kind regards, -Rom=E1n |
