[Owasp-modsecurity-core-rule-set] Proposal for another language for CRS

Mirko Dziadzka mirko.dziadzka at gmail.com
Thu May 24 13:39:12 UTC 2018


Let me introduce myself first. I’m working in the realm of developing Web Application Firewalls for more than 13 years now. 
Currently I’m working for a company which is using modsecurity and the CRS as one component of the WAF part of their product.

In this role, we are thinking about how we can improve and develop the language, especially the language in which the CRS rules are described.

I wrote down some first thoughts about this here:

https://github.com/avinetworks/owasp-crs-technical-discussion/blob/master/language-draft.md <https://github.com/avinetworks/owasp-crs-technical-discussion/blob/master/language-draft.md>

More detailed specification and code will follow in the next couple of weeks, but I would like to have
this development as public as possible and start the discussion as soon as possible.

I would like to get feedback about these ideas from the community, so please feel free to comment.

I will be on the AppSec EU in July in London and would like to discuss the ideas in more details there.


Mirko Dziadzka

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20180524/443c23ac/attachment.html>

More information about the Owasp-modsecurity-core-rule-set mailing list