Security Hub

Bring your software development workflows to security

OWASP WAF rules

Signals & Triggers

On request
If the request body or query string matches an OWASP ModSecurity core rule

Actions

  • Log the malicious request

Details

This plugin detects injection attempts in your application traffic based on a set of signatures published by OWASP and qualified by Sqreen.

Detecting attacks accurately using only flat network data is inefficient and prone to false positives. Sqreen mostly uses this detection as an early signal to improve attack detection inside the application.

Advanced details

On each HTTP request, Sqreen executes a qualified subset of the OWASP ModSecurity Core Rule Set to detect injection attempts.

Sqreen filters findings against an internal knowledge base to reduce false positives. This happens on the Sqreen backend.

The following injection categories are covered:

  • SQL Injection (SQLi)
  • Cross Site Scripting (XSS)
  • Local File Inclusion (LFI)
  • Remote File Inclusion (RFI)
  • Remote Code Execution (RCE)
  • PHP Code Injection

More details at https://coreruleset.org/
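
The signature pass described above, and the false-positive problem noted under "Details", as an added example (not Sqreen's code and not the Core Rule Set). The three patterns, the function names and the sample requests are simplified and constructed for illustration.

```javascript
// Simplified signatures constructed for this example; they are NOT CRS rules.
const SIGNATURES = [
  { category: 'SQLi', re: /\bunion\b[\s\S]{0,40}\bselect\b/i },
  { category: 'XSS', re: /<script\b|\bon(?:error|load)\s*=/i },
  { category: 'LFI', re: /(?:\.\.[\/\\]){2,}|\/etc\/passwd/i },
];

// Collect decoded query-string and form-body fields (URLSearchParams
// percent-decodes values and turns '+' into a space).
function requestFields(req) {
  const query = new URL(req.url, 'http://app.invalid').searchParams;
  const body = new URLSearchParams(req.body || '');
  return [
    ...[...query].map(([name, value]) => ({ where: 'query', name, value })),
    ...[...body].map(([name, value]) => ({ where: 'body', name, value })),
  ];
}

// Run every signature over every field; return findings, never block.
function inspectRequest(req) {
  const findings = [];
  for (const field of requestFields(req)) {
    for (const sig of SIGNATURES) {
      if (sig.re.test(field.value)) {
        findings.push({ category: sig.category, where: field.where, name: field.name });
      }
    }
  }
  return findings;
}

// The plugin's only action is logging: build the record (payload + client IP).
function logRecord(req) {
  const findings = inspectRequest(req);
  if (findings.length === 0) return null;
  return { action: 'log', ip: req.ip, url: req.url, body: req.body || '', findings };
}

// Constructed sample requests (documentation IP range 203.0.113.0/24).
const SAMPLES = [
  { ip: '203.0.113.7', url: '/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E' },
  { ip: '203.0.113.7', url: '/download', body: 'file=..%2F..%2Fetc%2Fpasswd' },
  { ip: '203.0.113.9', url: '/comments', body: 'text=The+union+will+select+a+new+chair' },
  { ip: '203.0.113.9', url: '/search?q=shoes' },
];

for (const req of SAMPLES) console.log(req.url, JSON.stringify(logRecord(req)));
```

The third sample is an ordinary comment that still matches the SQLi pattern, which is the kind of finding a later qualification step has to discard.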

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen

Signals

No data collected


On attack
  • Request payload
  • Attacker IP
  • Attacker account (Sqreen SDK)

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Node.js
  • Ruby
  • PHP
  • Python
  • Java

Node.js

$ npm install --save sqreen
$ echo '{ "token": "your token" }' > sqreen.json

// This should be the first line of your app
require('sqreen');

Ruby

$ echo "gem 'sqreen'" >> Gemfile
$ bundle install
$ echo "token: your token" > config/sqreen.yml

PHP

$ curl -s https://download.sqreen.io/php/install.sh > sqreen-install.sh && bash sqreen-install.sh your token

Python

$ pip install sqreen
$ echo -e "[sqreen]\ntoken: your token" > sqreen.ini

# Insert at the top of your app file (typically wsgi.py or app.py)
import sqreen
sqreen.start()

Java

$ curl https://download.sqreen.io/java/sqreen-latest-all.jar -o sqreen.jar

// Add JVM startup options:
-javaagent:/path/to/sqreen.jar -Dsqreen.token={{your token}}

Build amazing products. Keep them safe.

3 min installation · Try all features for 14 days · No credit card required