security-tools/blue-team-tools
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
4989d43ae97015f8113aed2efcd49d288b8fec21
blue-team-tools/rules/application/ruby/appframework_ruby_on_rails_exceptions.yml
T

30 lines
1.1 KiB
YAML
Raw Normal View History

fix: fixed casing and long rule titles
2020-01-30 17:26:09 +01:00
title: Ruby on Rails Framework Exceptions
Added UUIDs to rules
2019-11-12 23:12:27 +01:00
id: 0d2c3d4c-4b48-4ac3-8f23-ea845746bb1a
Fixed my git issue
2020-09-13 22:03:04 -06:00
status: stable
Added Ruby on Rails security-related exceptions rule
2017-08-06 22:57:52 +02:00
description: Detects suspicious Ruby on Rails exceptions that could indicate exploitation attempts
Change "reference" to "references" to match new schema
2018-01-28 02:12:19 +03:00
references:
Added Ruby on Rails security-related exceptions rule
2017-08-06 22:57:52 +02:00
- http://edgeguides.rubyonrails.org/security.html
- http://guides.rubyonrails.org/action_controller_overview.html
- https://stackoverflow.com/questions/25892194/does-rails-come-with-a-not-authorized-exception
Reference Update [Batch 1]
2022-07-07 15:24:15 +01:00
- https://github.com/rails/rails/blob/cd08e6bcc4cd8948fe01e0be1ea0c7ca60373a25/actionpack/lib/action_dispatch/middleware/exception_wrapper.rb
Order yaml field
2022-10-25 06:48:55 +02:00
author: Thomas Patzke
date: 2017/08/06
modified: 2020/09/01
tags:
- attack.initial_access
- attack.t1190
Added Ruby on Rails security-related exceptions rule
2017-08-06 22:57:52 +02:00
logsource:
Application security rules
2017-08-12 00:43:10 +02:00
category: application
Added Ruby on Rails security-related exceptions rule
2017-08-06 22:57:52 +02:00
product: ruby_on_rails
detection:
keywords:
- ActionController::InvalidAuthenticityToken
- ActionController::InvalidCrossOriginRequest
- ActionController::MethodNotAllowed
- ActionController::BadRequest
- ActionController::ParameterMissing
condition: keywords
falsepositives:
- Application bugs
level: medium
Reference in New Issue Copy Permalink