[Owasp-modsecurity-core-rule-set] Working on Paranoia-Mode for Core Rules 3.0.0

Noël Zindel mail at noelzindel.org
Thu Jan 7 20:52:20 UTC 2016


Thanks Chaim, thanks Christian.

Gotcha. Will get back to you.

> On 07 Jan 2016, at 21:23, Christian Folini <christian.folini at netnea.com> wrote:
> 
> 
>> Reading through the tasks it appears to me that a good part requires at least an intermediate understanding of ModSec and the CRS -
>> even though comparing the two rulesets and documenting the project should be possible even for me; I’ll sign up for that as soon as I have access to the wiki.
> 
> Pick something of your choice. If you are any good at drawing,
> "Draw flowchart" would be a good choice.
> "Write new stricter siblings for existing rules" should meet your
> level of expertise just as well. You could start and play around
> with 981173 immediately: copy the rule under a new ID and make
> it stricter / paranoid. Once this is done, try and make sure a
> uuid is no longer triggering the rule (-> whitelist uuid format
> to circumvent the rule; this uuid false positive is a speciality
> of 981173).
> 
> More candidates will pop up as we progress.
> 
> Best,
> 
> Christian
> 
>> 
>> I see myself more as additional “computing power”. So, if you need help with anything or got a task for me, let me know.
>> Just answer right here or ping me at mail(at)noelzindel(dot)org.
>> 
>> Regards,
>> Noël
>> 
>> 
>>> On 07 Jan 2016, at 08:54, Christian Folini <christian.folini at netnea.com> wrote:
>>> 
>>> Dear all,
>>> 
>>> As mentioned in my previous response to Walter, I got enough
>>> feedback to form a little team to work on this.
>>> 
>>> We created a wiki page on the OWASP wiki under the CRS
>>> page:
>>> 
>>> https://www.owasp.org/index.php/OWASP_ModSec_CRS_Paranoia_Mode
>>> 
>>> I linked to this page from the main CRS page, where I introduced
>>> a section about the upcoming 3.0.0 release.
>>> 
>>> We will try and document our work on this new CRS mode on the
>>> said wiki page. Technical discussions are supposed to be held
>>> in public, likely on this mailinglist for future archiving.
>>> 
>>> More helping hands are still welcome. You can can join
>>> formally by sending me a message, or you can take part in the
>>> discussions here or on the wiki.
>>> 
>>> Cheers,
>>> 
>>> Christian Folini
>>> 
>>> 
>>> 
>>> --
>>> Those who would give up Essential Liberty to purchase a little
>>> Temporary Safety, deserve neither Liberty nor Safety.
>>> -- Benjamin Franklin
>>> _______________________________________________
>>> Owasp-modsecurity-core-rule-set mailing list
>>> Owasp-modsecurity-core-rule-set at lists.owasp.org
>>> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>> 
> 
> 
> 
> 
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20160107/b3730b5d/attachment-0001.pgp>


More information about the Owasp-modsecurity-core-rule-set mailing list