Breach Security Facilitates Community Testing of ModSecurity Core Rule Set with Launch of Demonstration Testing Page

ModSecurity is a web application firewall engine that requires rules to operate most effectively. The CRS is based on generic rules that provide protection from zero-day and unknown vulnerabilities often found in web applications, which are typically custom-coded and difficult to secure. The open source ModSecurity CRS is provided free to the public and has recently become an official OWASP Project with Breach Security Labs as the sponsor. As with any signature-based security application, constant testing and updates are essential. To help facilitate easier community testing of the CRS, Breach Security has released a demonstration testing page at http://www.modsecurity.org/demo/modsecurity-demo.html.

This page will allow users to send attack data through a live ModSecurity/CRS installation in order to identify any evasion issues. If a user identifies an issue, they can notify Breach Security personnel by either submitting a bug report ticket or by sending an email to the OWASP ModSecurity CRS mail-list.

“Breach Security is in a unique position in the web application firewall industry,” said Ryan Barnett, director of application security research for Breach Security, ModSecurity community manager and OWASP ModSecurity Core Rule Set project leader. “Having an open source product such as ModSecurity in our portfolio allows us to expose our security rules to the public for quality assurance and testing purposes in ways that other security vendors cannot. We want to leverage the global pool of outstanding web application security experts to help test ModSecurity to make it a better tool for the community at large.”

Benefits of providing the demonstration testing page include:

• The Core Rule Set will be tested by pen-testing specialists who are experts in breaking into web applications and evading security filtering devices.
• Breach Security is lowering the barrier for testing by not requiring community testers to install the software themselves.
• Breach Security is expediting the identification and reporting steps, which shorten the fix cycle.
• Signature improvements will be leveraged back into the entire Breach Security product line.

About Breach Security

Breach Security, Inc. is the leading provider of real-time, continuous web application integrity, security and compliance that protects sensitive web-based information. Breach Security’s products protect web applications from hacking attacks and data leakage, and ensure applications operate as intended. The company’s products are trusted by thousands of organizations around the world, including leaders in finance, healthcare, ecommerce, travel and government. For more information, please visit www.breach.com.

Schwartz Communications
Jill Reed or Clinton Karr, +1-415-512-0770
breachsecurity@schwartz-pr.com