[Owasp-modsecurity-core-rule-set] Working on Paranoia-Mode for Core Rules 3.0.0

Christian Folini christian.folini at netnea.com
Thu Jan 7 20:23:27 UTC 2016


Noël,

On Thu, Jan 07, 2016 at 08:34:31PM +0100, Noël Zindel wrote:
> Nevertheless, I seem to understand the basics and I’m highly motivated to dig deeper.

That's the spirit. Any project has tasks for newbies and this
is no different. Glad to have you in my team.

> Reading through the tasks it appears to me that a good part requires at least an intermediate understanding of ModSec and the CRS -
> even though comparing the two rulesets and documenting the project should be possible even for me; I’ll sign up for that as soon as I have access to the wiki.

Pick something of your choice. If you are any good at drawing, 
"Draw flowchart" would be a good choice.
"Write new stricter siblings for existing rules" should meet your
level of expertise just as well. You could start and play around
with 981173 immediately: copy the rule under a new ID and make
it stricter / paranoid. Once this is done, try and make sure a
uuid is no longer triggering the rule (-> whitelist uuid format
to circumvent the rule; this uuid false positive is a speciality 
of 981173).

More candidates will pop up as we progress.

Best,

Christian

> 
> I see myself more as additional “computing power”. So, if you need help with anything or got a task for me, let me know.
> Just answer right here or ping me at mail(at)noelzindel(dot)org.
> 
> Regards,
> Noël
> 
> 
> > On 07 Jan 2016, at 08:54, Christian Folini <christian.folini at netnea.com> wrote:
> > 
> > Dear all,
> > 
> > As mentioned in my previous response to Walter, I got enough
> > feedback to form a little team to work on this.
> > 
> > We created a wiki page on the OWASP wiki under the CRS
> > page:
> > 
> > https://www.owasp.org/index.php/OWASP_ModSec_CRS_Paranoia_Mode
> > 
> > I linked to this page from the main CRS page, where I introduced
> > a section about the upcoming 3.0.0 release.
> > 
> > We will try and document our work on this new CRS mode on the
> > said wiki page. Technical discussions are supposed to be held
> > in public, likely on this mailinglist for future archiving.
> > 
> > More helping hands are still welcome. You can can join
> > formally by sending me a message, or you can take part in the
> > discussions here or on the wiki.
> > 
> > Cheers,
> > 
> > Christian Folini
> > 
> > 
> > 
> > --
> > Those who would give up Essential Liberty to purchase a little
> > Temporary Safety, deserve neither Liberty nor Safety.
> > -- Benjamin Franklin
> > _______________________________________________
> > Owasp-modsecurity-core-rule-set mailing list
> > Owasp-modsecurity-core-rule-set at lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> 






More information about the Owasp-modsecurity-core-rule-set mailing list