CSCv6|18.2

Title

Protect web applications by deploying web application firewalls (WAFs) that inspect all traffic flowing to the web application.

Description

Protect web applications by deploying web application firewalls (WAFs) that inspect all traffic flowing to the web application for common web application attacks, including but not limited to cross-site scripting, SQL injection, command injection, and directory traversal attacks. For applications that are not web-based, specific application firewalls should be deployed if such tools are available for the given application type. If the traffic is encrypted, the device should either sit behind the encryption or be capable of decrypting the traffic prior to analysis. If neither option is appropriate, a host-based web application firewall should be deployed.

Reference Item Details

Category: Application Software Security

Family: Application

Audit Items

Name | Plugin | Audit Name
6.6 Ensure ModSecurity Is Installed and Enabled | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
6.6 Ensure ModSecurity Is Installed and Enabled | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0
6.6 Ensure ModSecurity Is Installed and Enabled | Unix | CIS Apache HTTP Server 2.2 L2 v3.5.0
6.6 Ensure ModSecurity Is Installed and Enabled | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
6.6 Ensure ModSecurity Is Installed and Enabled | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
6.6 Ensure ModSecurity Is Installed and Enabled | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0
6.6 Ensure ModSecurity Is Installed and Enabled | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | Unix | CIS Apache HTTP Server 2.2 L2 v3.5.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Active Rules | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.2 L2 v3.5.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Inbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.2 L2 v3.5.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Outbound Anomaly Threshold | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | Unix | CIS Apache HTTP Server 2.2 L2 v3.5.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | Unix | CIS Apache HTTP Server 2.2 L2 v3.6.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | Unix | CIS Apache HTTP Server 2.4 L2 v1.5.0 Middleware
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0
6.7 Ensure the OWASP ModSecurity Core Rule Set Is Installed and Enabled - Paranoia Level | Unix | CIS Apache HTTP Server 2.4 L2 v2.0.0 Middleware