The Open Worldwide Application Security Project® (OWASP) is a nonprofit foundation that works to improve software security. One of OWASP's many projects is the Core Rule Set (CRS), a set of generic attack detection rules for use with any compatible web application firewall (WAF). The CRS aims to protect web applications from a wide range of attacks, including the OWASP® Top Ten, with a minimum of false alerts. It provides protection against many common attack categories, including:
SQL Injection (SQLi)
Cross Site Scripting (XSS)
Local File Inclusion (LFI)
Remote File Inclusion (RFI)
PHP Code Injection
Java Code Injection
HTTPoxy
Shellshock
Unix/Windows Shell Injection
Session Fixation
Scripting/Scanner/Bot Detection
Metadata/Error Leakages
CRS 3 provides an over 90% reduction in false alerts in a default install.
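To illustrate how a generic rule set such as CRS can flag the attack categories listed above while keeping false alerts low, here is a miniature anomaly-scoring engine. This is example code written for this page, not CRS or Labyrinth code; it assumes the CRS 3 default scoring model (severity scores 5/4/3/2, inbound blocking threshold 5), while the rule ids, regex patterns and sample request lines are constructed and far narrower than the real CRS rules.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus

# CRS 3 runs in anomaly-scoring mode by default: each matching rule adds its
# severity score, and the request is only blocked when the total reaches the
# inbound threshold. These constants mirror the CRS 3 defaults.
CRITICAL, ERROR, WARNING, NOTICE = 5, 4, 3, 2
INBOUND_THRESHOLD = 5


@dataclass(frozen=True)
class Rule:
    rule_id: str      # hypothetical id, not a real CRS rule number
    category: str     # one of the CRS categories listed above
    pattern: re.Pattern
    score: int


# Constructed, deliberately simple patterns; the real CRS regexes are far broader.
RULES = [
    Rule("sqli-keyword", "SQL Injection", re.compile(r"(?i)\b(?:select|union|insert|drop)\b"), WARNING),
    Rule("sqli-union", "SQL Injection", re.compile(r"(?i)\bunion\s+(?:all\s+)?select\b"), CRITICAL),
    Rule("xss-tag", "Cross Site Scripting", re.compile(r"(?i)<\s*script\b|javascript:"), CRITICAL),
    Rule("lfi-traversal", "Local File Inclusion", re.compile(r"(?:\.\./){2,}|/etc/passwd"), CRITICAL),
    Rule("rfi-url", "Remote File Inclusion", re.compile(r"(?i)=\s*(?:https?|ftp)://"), CRITICAL),
    Rule("shell-chain", "Unix/Windows Shell Injection", re.compile(r"[;|`]\s*(?:cat|wget|curl|id|uname)\b"), CRITICAL),
]


def evaluate(request_line: str):
    """Score one request line; returns (total score, matched rule ids, blocked?)."""
    decoded = unquote_plus(request_line)  # one round of URL decoding before matching
    matched = [r for r in RULES if r.pattern.search(decoded)]
    total = sum(r.score for r in matched)
    return total, [r.rule_id for r in matched], total >= INBOUND_THRESHOLD


# Constructed sample request lines: one benign, one borderline, three malicious.
SAMPLE_REQUESTS = [
    "GET /docs?file=guide.pdf HTTP/1.1",
    "GET /search?q=select+committee+report HTTP/1.1",  # SQL keyword alone: logged, not blocked
    "GET /item?id=1%27+UNION+SELECT+username,password+FROM+users HTTP/1.1",
    "GET /view?page=../../../../etc/passwd HTTP/1.1",
    "GET /comment?text=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1",
]

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        total, ids, blocked = evaluate(line)
        print(f"{'BLOCK' if blocked else 'pass '} score={total} rules={ids} :: {line}")
```

The borderline search query scores only a WARNING (3) and passes, which is the anomaly-scoring behaviour that keeps false alerts low; a real WAF also applies several more input transformations than the single URL decode used here.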
In the last three years of reports by Verizon researchers, web applications have been one of the most frequently used action vectors of attack. The 2023 edition of the DBIR confirms this growing trend (see figures below). Web protection is therefore one of the crucial techniques for cyber defense in organizations.
Other vital insights from Verizon's 2023 Data Breach Investigations Report (DBIR):
83% of breaches involved external actors.
95% of breaches are financially motivated.
Attackers access an organization in three primary ways: stolen credentials, phishing, and exploitation of vulnerabilities.
9% of incidents involve exploiting vulnerabilities, while 8% involve using stolen credentials.
For incidents that involved the exploitation of vulnerabilities, those vulnerabilities were to a large extent exploited via web applications (more than 30%).
More than 32% of all Log4j scanning activity over the year happened within 30 days of its release.
To address web protection needs, the Labyrinth Deception Platform has embedded a unique technology from the beginning: Universal Web Points. Read more in the article "Web protection": https://labyrinth.tech/news/posts/web-protection
This technology will be supported by OWASP® CRS in our upcoming Labyrinth Deception Platform release: a full-fledged Web Application Firewall has been added to the Universal Web Point to detect attacks more accurately on the Point itself, covering both OWASP® Top 10 and other vulnerabilities. At the same time, the detected attacks do not affect the web application with which the Point is associated.