What is OWASP® CRS?

The Open Worldwide Application Security Project® (OWASP) is a nonprofit foundation that works to improve software security. One of OWASP's many projects is the Core Rule Set (CRS), a set of generic attack detection rules for use with any compatible web application firewall (WAF). The CRS aims to protect web applications from a wide range of attacks, including the OWASP® Top Ten, with a minimum of false alerts. It provides protection against many common attack categories, including:

  • SQL Injection (SQLi)
  • Cross Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • PHP Code Injection
  • Java Code Injection
  • HTTPoxy
  • Shellshock
  • Unix/Windows Shell Injection
  • Session Fixation
  • Scripting/Scanner/Bot Detection
  • Metadata/Error Leakages

CRS 3 reduces false alerts by over 90% in a default install.

OWASP® CRS website: https://coreruleset.org/

OWASP® Top Ten website: https://owasp.org/www-project-top-ten/


Why is web protection essential?

Over the last three years of Verizon's reporting, web applications have been among the most frequently used attack vectors. The 2023 edition of the DBIR confirms this growing trend (see figures below). Web protection is therefore one of the crucial techniques for cyber defense in organizations.

Other vital insights from Verizon's 2023 Data Breach Investigations Report (DBIR):

  • 83% of breaches involved external actors.
  • 95% of breaches were financially motivated.
  • Attackers gain access to an organization in three primary ways: stolen credentials, phishing, and exploitation of vulnerabilities.
  • 9% of incidents involve exploiting vulnerabilities, while 8% involve using stolen credentials.
  • Among incidents involving exploitation of vulnerabilities, more than 30% exploited them through web applications.
  • More than 32% of all Log4j scanning activity over the year happened within 30 days of its release.

The incidents described in this report occurred between November 1, 2021, and October 31, 2022. The report is available at: https://www.verizon.com/business/resources/reports/dbir/

To address web protection needs, the Labyrinth Deception Platform has included a unique technology, Universal Web Points, from the beginning; see the article “Web protection”:

In the upcoming Labyrinth Deception Platform release, this technology will be backed by OWASP® CRS: a full-fledged Web Application Firewall has been added to the Universal Web Point so that attack types, including the OWASP® Top 10 and other vulnerabilities, are detected more accurately on the Point itself. At the same time, the detected attacks do not affect the web application with which the Point is associated.

Regarding the Log4j vulnerability mentioned in the 2023 DBIR edition, you can find our article here:
