Security


Introducing crs-trigger.py

This is a blog post about a new script that will execute a request in order to trigger an arbitrary Core Rule Set anomaly score. The OWASP ModSecurity Core Rule Set (CRS for short) is a scoring rule set with individual rules working together to assess an incoming request and assign it an anomaly score. An administrator […]


Nextcloud scanning

Having installed the latest Nextcloud on my server, I added ModSecurity and CRS 3 on the Apache instance. After some tuning and the configuration of geoIP with the help of our very own Christian Folini, I watched the logs fly by for a few hours and noticed scan.nextcloud.com accessing my /status.php. By going to this /status.php […]


An A7 First Aid Kit

Let’s consider that Dave Wichers and the OWASP Top 10 project resist all the pressure and the 2017 edition of OWASP Top 10 will include the new A7 “Insufficient Attack Protection”. Lately the discussion has turned more constructive, so maybe that prospect is not all that unrealistic. But honestly, I cannot tell if A7 will […]


The Case for a DDoS Incident Handbook

You can be exploited for long periods of time, yet continue to do business in a state of ignorance, as Swiss Ruag did for years. But with Distributed Denial of Service attacks the case is entirely different. Your service comes to a halt within minutes and panic breaks out. You will notice, your boss will […]