[Owasp-modsecurity-core-rule-set] Rule evaluation framework

Christian Folini christian.folini at netnea.com
Mon Mar 28 04:46:49 UTC 2016


Good morning everyone,

Walter Hop has assembled a big list of ideas worth considering when
assessing a single core rule set rule. The list is one of the results of
many, many conversations around the paranoia mode and around
issues pending on github.

I invite you all to take a look and try and think of additional
considerations worth adding:
https://www.owasp.org/index.php/OWASP_ModSecurity_rule_evaluation_framework

When talking about the merits of a rule in the future, we can go
through this document like a checklist and decide on that base
afterwards. It makes all the decisions more transparent - and more
reliable.

This list is awesome!

Ahoj,

Christian

-- 
mailto:christian.folini at netnea.com
http://www.christian-folini.ch
twitter: @ChrFolini


More information about the Owasp-modsecurity-core-rule-set mailing list