[Owasp-modsecurity-core-rule-set] Proposal for another language for CRS

Chaim Sanders chaim at chaimsanders.com
Thu May 24 13:43:48 UTC 2018


Mirko,
I'm excited to review your work. Most of us are very familiar with the
current language but that doesn't mean that we couldn't benefit
significantly from considering other, more modern approaches. I for one
certainly like the YAML format (makes it easier to read). I look forward to
talking about this more.

On Thu, May 24, 2018 at 9:40 AM Mirko Dziadzka <mirko.dziadzka at gmail.com>
wrote:

> Hello
>
> Let me introduce myself first. I’m working in the realm of developing Web
> Application Firewalls for more than 13 years now.
> Currently I’m working for a company which is using modsecurity and the CRS
> as one component of the WAF part of their product.
>
> In this role, we are thinking about how we can improve and develop the
> language, especially the language in which the CRS rules are described.
>
> I wrote down some first thoughts about this here:
>
>
> https://github.com/avinetworks/owasp-crs-technical-discussion/blob/master/language-draft.md
>
> More detailed specification and code will follow in the next couple of
> weeks, but I would like to have
> this development as public as possible and start the discussion as soon as
> possible.
>
> I would like to get feedback about these ideas from the community, so
> please feel free to comment.
>
> I will be on the AppSec EU in July in London and would like to discuss the
> ideas in more details there.
>
> Greetings
>
> Mirko Dziadzka
> https://www.owasp.org/index.php/User:Mirko_Dziadzka
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>


-- 
-- 
Chaim Sanders
http://www.ChaimSanders.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/attachments/20180524/1a96f65f/attachment.html>


More information about the Owasp-modsecurity-core-rule-set mailing list