[GPC] Seeking Java Dev help for ModSecurity Port

Jason Li jason.li at owasp.org
Wed Apr 6 21:38:17 EDT 2011


Juan,

That's for you to decide as the project leader. Depending on where you take
the project, it might make sense as a child project to the ModSecurity CRS
project, or it might make sense as it's own stand alone project. You guys
will have a better sense of where it fits than Paulo or the GPC.

And the decision doesn't have to be final - there's no rule that says that
projects can't merge or break away later on!

 -Jason

On Mon, Apr 4, 2011 at 11:23 AM, Calderon, Juan Carlos (GE, Corporate,
consultant) <juan.calderon at ge.com> wrote:

> Excuse me, I am still confused, can Project committee please clarify to me,
> where is the project going to be hosted?
>
> 1. As part of OWASP ModSecurity CRS
> 2. As a port of ModSecurity at ModSecurity.org (Ryan offered hosting , code
> repository and mailing lists)
> 3. New OWASP project
>
> Juan C Calderon
>
> -----Original Message-----
> From: Jason Li [mailto:jason.li at owasp.org]
> Sent: Friday, April 01, 2011 7:44 AM
> To: Paulo Coimbra
> Cc: Jim Manico; Ryan Barnett; Calderon, Juan Carlos (GE, Corporate,
> consultant); Arshan Dabirsiaghi; Global Projects Committee
> Subject: Re: [GPC] Seeking Java Dev help for ModSecurity Port
>
> Based on Jim's last email, that seems to be the appropriate action.
>
> -Jason
>
> On Apr 1, 2011, at 9:28 AM, "Paulo Coimbra" <paulo.coimbra at owasp.org>
> wrote:
>
> > If you all agree, I will be waiting for the 'formal project proposal'.
> >
> > Thanks,
> > - Paulo
> >
> >
> > Paulo Coimbra,
> > OWASP Project Manager
> >
> >>> -----Original Message-----
> >>> From: global-projects-committee-bounces at lists.owasp.org
> >>> [mailto:global-projects-committee-bounces at lists.owasp.org] On Behalf
> >>> Of Jim Manico
> >>> Sent: Thursday, March 31, 2011 20:28
> >>> To: Jason Li
> >>> Cc: Ryan Barnett; Calderon, Juan Carlos (GE, Corporate, consultant);
> >>> Arshan Dabirsiaghi; Global Projects Committee
> >>> Subject: Re: [GPC] Seeking Java Dev help for ModSecurity Port
> >>>
> >>> Jason,
> >>>
> >>> First steps - we are stating our intention and placed the code in a
> >>> formal repo at Google code. We also got permission from Arshan (the
> >>> original coder) to run with it.
> >>>
> >>> Next step - formal project proposal. One of us will get to it soon.
> >>>
> >>> We do not want this under the "java project". As Ryan stated, we
> >>> want this under the ModSecurity core ruleset project.
> >>>
> >>> Aloha,
> >>> Jim
> >>>
> >>>
> >>>
> >>>> This is a very long thread between Ryan/Juan/Arshan/Jim and I
> >>> apologize that
> >>>> I haven't read through the whole thing - one reason why a project
> >>> proposal
> >>>> would be good so that these threads can be rolled up succinctly for
> >>> OWASP
> >>>> consumers :)
> >>>>
> >>>> But from my very quick skim, it sounds like you guys want to create
> >>> a Java
> >>>> WAF based on ModSecurity?
> >>>>
> >>>> For the record, I for one do *not* think that the project should be
> >>> placed
> >>>> under the OWASP Java project. The OWASP Java project (to me) is
> >>> about
> >>>> getting a knowledge base of proper application security principles
> >>> for
> >>>> developers using Java as their programming language. The proposed
> >>> project is
> >>>> just a tool/code project that happens to be written in Java.
> >>> Therefore, I
> >>>> think they need to be separate projects.
> >>>>
> >>>> -Jason
> >>>>
> >>>> On Thu, Mar 31, 2011 at 3:15 PM, Jim Manico <jim.manico at owasp.org>
> >>> wrote:
> >>>>
> >>>>> I just got off the phone with Arshan - and he said "guys, run with
> >>> it"
> >>>>>
> >>>>> So I still think we need to put Arshan's name on the project - he
> >>> is our
> >>>>> "Java WAF Founding Father" - but it is now our baby to do as we
> >>> wish
> >>>>> with it.
> >>>>>
> >>>>> Rock on Juan Carlos + Ryan!
> >>>>>
> >>>>> Never in my wildest AppSec dreams did I ever expect to be mixed up
> >>> in
> >>>>> WAF development. Forgive me if I get overly defensive about it at
> >>> times.
> >>>>>
> >>>>> *insert rim shot here*
> >>>>>
> >>>>> - Jim
> >>>>>
> >>>>>
> >>>>>> Speaking selfishly, I would love for this to be hosted under the
> >>>>> ModSecurity
> >>>>>> Project link as I want to bill this as a "port" of ModSecurity to
> >>> Java.
> >>>>> :)
> >>>>>>
> >>>>>> I will defer to Juan Carlos and Jim however as they are the leads.
> >>>>>>
> >>>>>> -Ryan
> >>>>>>
> >>>>>> From:  Paulo Coimbra <paulo.coimbra at owasp.org>
> >>>>>> Date:  Thu, 31 Mar 2011 18:46:12 +0100
> >>>>>> To:  'Jim Manico' <jim.manico at owasp.org>, "'Calderon, Juan Carlos
> >>> (GE,
> >>>>>> Corporate, consultant)'" <juan.calderon at ge.com>
> >>>>>> Cc:  Ryan Barnett <ryan.barnett at owasp.org>, 'Global Projects
> >>> Committee'
> >>>>>> <global-projects-committee at lists.owasp.org>
> >>>>>> Subject:  RE: Seeking Java Dev help for ModSecurity Port
> >>>>>>
> >>>>>>> Jim, Juan & Ryan,
> >>>>>>>
> >>>>>>> It's always a pleasure setting up a project for any of you
> >>> distinguished
> >>>>> OWASP
> >>>>>>> contributors and leaders. I propose though you firstly send us
> >>> off a
> >>>>> couple of
> >>>>>>> lines defining the project's purpose and a roadmap. If you agree
> >>> with
> >>>>> doing so
> >>>>>>> it will allow the GPC acting in accordance with its mission i.e.
> >>> "(...)
> >>>>> the
> >>>>>>> GPC shall provide support and direction for new projects. (...)".
> >>>>> Additionally
> >>>>>>> from what I've understood from the thread below, I was unsure
> >>> whether or
> >>>>> not
> >>>>>>> this new project could be placed under a broaden Java Project
> >>>>>>> hat
> >>> or if
> >>>>> it
> >>>>>>> could be hosted in a common root link also shared by the
> >>> ModSecurity
> >>>>> Core Rule
> >>>>>>> Set Project  does my interrogation make any sense?
> >>>>>>>
> >>>>>>> http://www.owasp.org/index.php/OWASP_Java_Project
> >>>>>>>
> >>>>>>>
> >>>>>>> http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
> >>>>>>>
> >>>>>>> Please note that my above path proposal doesn't intend at all to
> >>> impose
> >>>>> any
> >>>>>>> kind of constraint to OWASP contributors' initiative and
> >>> therefore if
> >>>>> you
> >>>>>>> think is best that I set the templates right now before further
> >>> input
> >>>>> being
> >>>>>>> put available, as long as GPC also agrees, it will be done.
> >>>>>>> Truly
> >>> I am
> >>>>> just
> >>>>>>> looking for an approach to allow us a shared effort to create as
> >>> much
> >>>>> value
> >>>>>>> and synergies as possible.
> >>>>>>>
> >>>>>>> PS. Pablo is fine and, happy for being in people's minds, sends
> >>> regards
> >>>>> :)
> >>>>>>>
> >>>>>>>
> >>>>>>> Thanks,
> >>>>>>> - Paulo
> >>>>>>>
> >>>>>>>
> >>>>>>> Paulo Coimbra,
> >>>>>>> OWASP Project Manager <
> >>>>> http://www.owasp.org/index.php/User:Paulo_Coimbra>
> >>>>>>>
> >>>>>>>
> >>>>>>> From: Jim Manico [mailto:jim.manico at owasp.org]
> >>>>>>> Sent: Wednesday, March 30, 2011 21:31
> >>>>>>> To: Calderon, Juan Carlos (GE, Corporate, consultant)
> >>>>>>> Cc: Ryan Barnett; Paulo Coimbra
> >>>>>>> Subject: Re: Seeking Java Dev help for ModSecurity Port
> >>>>>>>
> >>>>>>> Paulo,
> >>>>>>>
> >>>>>>> We would like to start a new project -
> >>>>>>>
> >>>>>>> "The OWASP Java Web Application Firewall"
> >>>>>>>
> >>>>>>> Could you send us a project template please? And could you tell
> >>> Pablo
> >>>>> hello
> >>>>>>> for us? (joking ;)
> >>>>>>>
> >>>>>>> Thanks all.
> >>>>>>> - Jim
> >>>>>>>
> >>>>>>> PS: Juan Carlos - I'm so very grateful someone of your skill is
> >>> jumping
> >>>>> in to
> >>>>>>> help us!!!
> >>>>>>>
> >>>>>>>>> Not yet, there is not even a project page so far, as this is
> >>> very new.
> >>>>>>>>>
> >>>>>>>>> We should let Pablo know about this "new" project. Would you
> >>>>>>>>> do
> >>> it Jim
> >>>>>>>>> or should I do it?
> >>>>>>>>>
> >>>>>>>>> Regards,
> >>>>>>>>> Juan C Calderon
> >>>>>>>>> Softtek GDC Aguascalientes
> >>>>>>>>>
> >>>>>>>>> -----Original Message-----
> >>>>>>>>> From: Ryan Barnett [mailto:ryan.barnett at owasp.org]
> >>>>>>>>> Sent: Wednesday, March 30, 2011 1:20 PM
> >>>>>>>>> To: Calderon, Juan Carlos (GE, Corporate, consultant); Jim
> >>> Manico
> >>>>>>>>> Subject: Re: Seeking Java Dev help for ModSecurity Port
> >>>>>>>>>
> >>>>>>>>> Should I CC Arshan on this topic?  Or is there an owasp-java-
> >>> waf
> >>>>>>>>> mail-list?
> >>>>>>>>>
> >>>>>>>>> -Ryan
> >>>>>>>>>
> >>>>>>>>> On 3/30/11 12:00 PM, "Calderon, Juan Carlos (GE, Corporate,
> >>>>> consultant)"
> >>>>>>>>> <juan.calderon at ge.com> wrote:
> >>>>>>>>>
> >>>>>>>>>>> It's OK for me, the more visibility I get on the OWASP WAF
> >>> the
> >>>>>>>>>>> better, I expect some people get interested and test it on
> >>> real
> >>>>> world.
> >>>>>>>>>>>
> >>>>>>>>>>> Regards,
> >>>>>>>>>>> Juan C Calderon
> >>>>>>>>>>>
> >>>>>>>>>>> -----Original Message-----
> >>>>>>>>>>> From: Ryan Barnett [mailto:ryan.barnett at owasp.org]
> >>>>>>>>>>> Sent: Wednesday, March 30, 2011 9:51 AM
> >>>>>>>>>>> To: Calderon, Juan Carlos (GE, Corporate, consultant); Jim
> >>> Manico
> >>>>>>>>>>> Subject: Re: Seeking Java Dev help for ModSecurity Port
> >>>>>>>>>>>
> >>>>>>>>>>> Awesome news Juan Carlos!  We are putting together a minimum
> >>> spec
> >>>>> for
> >>>>>>>>>>> porting/supporting the rules language.  I will let you know
> >>> as soon
> >>>>>>>>>>> as we have it.  You are right though that it will be a
> >>> subset of
> >>>>>>>>>>> variables and operators.
> >>>>>>>>>>>
> >>>>>>>>>>> Is it OK with you both if I announce this to the leaders
> >>> list?
> >>>>>>>>>>>
> >>>>>>>>>>> Cheers,
> >>>>>>>>>>> Ryan
> >>>>>>>>>>>
> >>>>>>>>>>> On 3/30/11 11:03 AM, "Calderon, Juan Carlos (GE, Corporate,
> >>>>>>>>> consultant)"
> >>>>>>>>>>> <juan.calderon at ge.com> wrote:
> >>>>>>>>>>>
> >>>>>>>>>>>>> It makes sense to me and I agree, adding support for a basic
> >>> set of
> >>>>>>>>>>>>> ModSecurity rules will also make it easier to maintain
> >>>>>>>>>>>>> that compatibility.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Ok I will plan to add support in the next release for
> >>> SecRule with
> >>>>> a
> >>>>>>>>>>>>> limited number of variables and operators (to begin with),
> >>> and
> >>>>> maybe
> >>>>>>>>>>>>> include the rule updater as well.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Do you have any BNF of Rules grammar? I could use that to
> >>> create a
> >>>>>>>>>>>>> rule
> >>>>>>>>>>>
> >>>>>>>>>>>>> parser.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Regards,
> >>>>>>>>>>>>> Juan C Calderon
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> -----Original Message-----
> >>>>>>>>>>>>> From: Ryan Barnett [mailto:ryan.barnett at owasp.org]
> >>>>>>>>>>>>> Sent: Wednesday, March 30, 2011 8:45 AM
> >>>>>>>>>>>>> To: Calderon, Juan Carlos (GE, Corporate, consultant); Jim
> >>> Manico
> >>>>>>>>>>>>> Subject: Re: Seeking Java Dev help for ModSecurity Port
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> I agree with you that creating similar OWASP WAF policies
> >>> to match
> >>>>>>>>>>>>> what
> >>>>>>>>>>>
> >>>>>>>>>>>>> is in the OWASP ModSec CRS would be faster, however that
> >>>>>>>>>>>>> is
> >>> not my
> >>>>>>>>>>>>> goal
> >>>>>>>>>>>>> :)  I am looking for "ports" of ModSecurity to different
> >>>>> platforms.
> >>>>>>>>>>>>> The way it stands today, if someone is running a Java
> >>> server
> >>>>>>>>>>>>> (Tomcat,
> >>>>>>>>>>>>> etc...) and they want to use ModSecurity, they have to
> >>> setup a
> >>>>> local
> >>>>>>>>>>>>> Apache reverse proxy with ModSec on it and then setup
> >>> Tomcat on a
> >>>>>>>>>>>>> different port and proxy to it.  This is kludgy...  While
> >>>>>>>>>>>>> I
> >>> agree
> >>>>>>>>>>>>> that
> >>>>>>>>>
> >>>>>>>>>>>>> you could get similar coverage by expanding the OWASP WAF
> >>> policies
> >>>>>>>>>>>>> to detect similar attacks, the key to an actual "port" is
> >>> using
> >>>>> the
> >>>>>>>>>>>>> ModSecurity rule language.  This would allow Java app
> >>> server users
> >>>>>>>>>>>>> to use the OWASP ModSec CRS rules.
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> One thing to keep in mind - you don't have to implement
> >>>>>>>>>>>>> all
> >>> ModSec
> >>>>>>>>>>>>> functionality for a v1 port.  We are working on
> >>>>>>>>>>>>> documenting
> >>> a
> >>>>> "Core"
> >>>>>>>>>>>>> spec that outlines what base capabilities you would need.
> >>> The
> >>>>> main
> >>>>>>>>>>>>> ones are use of SecRule -
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> https://sourceforge.net/apps/mediawiki/mod-security/index.php?title=Reference_Manual#SecRule
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> Does this make sense?
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> -Ryan
> >>>>>>>>>>>>>
> >>>>>>>>>>>>> On 3/29/11 8:35 PM, "Calderon, Juan Carlos (GE, Corporate,
> >>>>>>>>> consultant)"
> >>>>>>>>>>>>> <juan.calderon at ge.com> wrote:
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Ok I just checked the documentation, I think the best
> >>> approach
> >>>>> to
> >>>>>>>>>>>>>>> get
> >>>>>>>>>
> >>>>>>>>>>>>>>> the faster result is to create a ModSecurity WAF policy
> >>>>> containing
> >>>>>>>>>>>>>>> equivalent OWASP WAF rules. Creating a parser for
> >>> ModSecurity
> >>>>> Rules
> >>>>>>>>>>>>>>> will be much harder.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> What do you think?
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Regards,
> >>>>>>>>>>>>>>> Juan C Calderon
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> -----Original Message-----
> >>>>>>>>>>>>>>> From: Ryan Barnett [mailto:ryan.barnett at owasp.org]
> >>>>>>>>>>>>>>> Sent: Tuesday, March 29, 2011 11:16 AM
> >>>>>>>>>>>>>>> To: Calderon, Juan Carlos (GE, Corporate, consultant);
> >>> Jim
> >>>>> Manico
> >>>>>>>>>>>>>>> Subject: Re: Seeking Java Dev help for ModSecurity Port
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Outstanding!  Thanks Juan Carlos.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> FYI - check out the "Ports" section of our Projects page
> >>> to see
> >>>>>>>>>>>>>>> what other ports are in progress/on the roadmap -
> >>>>>>>>>>>>>>> http://www.modsecurity.org/projects/
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> We have a really old Java Servlet Filter version of
> >>> ModSecurity
> >>>>>>>>>>>>>>> that may be of some help.  I think that updating the
> >>> current
> >>>>>>>>>>>>>>> owasp-java-waf
> >>>>>>>>>>>
> >>>>>>>>>>>>>>> code would probably be better though as the version we
> >>> had uses
> >>>>> the
> >>>>>>>>>>>>>>> old
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>>> ModSecurity v.1 rules language syntax.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> If you look at the link for "Sun Java Web Server Version
> >>> 7.0
> >>>>> Update
> >>>>>>>>>>>>>>> 2
> >>>>>>>>>
> >>>>>>>>>>>>>>> link
> >>>>>>>>>>>>>>> -
> >>>>> http://blogs.sun.com/meena/entry/intrusion_detection_in_sun_java
> >>>>>>>>>>>>>>> - you can see the ModSecurity rules language components
> >>> they
> >>>>> have
> >>>>>>>>>>>>>>> implemented thus far.
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Let me know if you need any help!
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> Thanks again,
> >>>>>>>>>>>>>>> Ryan
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>> On 3/29/11 1:10 PM, "Calderon, Juan Carlos (GE,
> >>> Corporate,
> >>>>>>>>>>> consultant)"
> >>>>>>>>>>>>>>> <juan.calderon at ge.com> wrote:
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> @Ryan, hello again villa-mate :)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> @Jim, Yes I do have interest in continuing with this
> >>> effort at
> >>>>>>>>>>>>>>>>> least
> >>>>>>>>>
> >>>>>>>>>>>>>>>>> to
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> make the WAF reach release level.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Let me give the rules a look to see what would it take
> >>> to
> >>>>>>>>>>>>>>>>> implement them in the OWASP Java WAF.
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Regards,
> >>>>>>>>>>>>>>>>> Juan C Calderon
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> -----Original Message-----
> >>>>>>>>>>>>>>>>> From: Ryan Barnett [mailto:ryan.barnett at owasp.org]
> >>>>>>>>>>>>>>>>> Sent: Tuesday, March 29, 2011 11:02 AM
> >>>>>>>>>>>>>>>>> To: Jim Manico; Calderon, Juan Carlos (GE, Corporate,
> >>>>> consultant)
> >>>>>>>>>>>>>>>>> Subject: Re: Seeking Java Dev help for ModSecurity
> >>>>>>>>>>>>>>>>> Port
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Ha, Juan Carlos and I were Villa mates in Portugal! :)
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Juan Carlos - let me know what you think about the
> >>>>>>>>>>>>>>>>> idea
> >>> of
> >>>>>>>>>>>>>>>>> updating the
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> owasp-java-waf code to be able to use the ModSecurity
> >>> Rules
> >>>>>>>>>>>>>>>>> Language
> >>>>>>>>>
> >>>>>>>>>>>>>>>>> syntax (SecRules, etc...).
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> Thanks,
> >>>>>>>>>>>>>>>>> Ryan
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>> On 3/29/11 12:56 PM, "Jim Manico"
> >>> <jim.manico at owasp.org>
> >>>>> wrote:
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> On 3/29/2011 9:46 AM, Ryan Barnett wrote:
> >>>>>>>>>>>>>>>>>>>>> Yeah,
> >>>>>>>>>>>>>>>>>>>>> Let's see if we can move forward with the idea of
> >>>>> migrating
> >>>>>>>>>>>>>>>>>>>>> ESAPI
> >>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> WAF
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> to be a stand-alone project.  Then the Java lead
> >>> (whoever
> >>>>> that
> >>>>>>>>>>>>>>>>>>>>> is)
> >>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>>> can implement the ModSecurity rules language and
> >>> redub it
> >>>>>>>>>>>>>>>>>>>>> "ModSecurity Java Servlet WAF".
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> The migration to a standalone project is already
> >>> done, Ryan
> >>>>> -
> >>>>>>>>>>>>>>>>>>> meet Juan
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Carlos Calderon; he is "by default" the current
> >>>>>>>>>>>>>>>>>>> owner
> >>> of the
> >>>>>>>>>>>>>>>>>>> owasp-java-waf project :)
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> http://code.google.com/p/owasp-java-waf/
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> As you can see, we have work to do :)
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Juan Carlos - meet Ryan Barnett. Ryan is one of the
> >>> most
> >>>>>>>>>>>>>>>>>>> respected WAF'ers on the planet. He is currently the
> >>> leader
> >>>>> of
> >>>>>>>>>>>>>>>>>>> the OWASP ModSecurity Core Ruleset.
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Juan Carlos, do you have any interest in continuing
> >>> to work
> >>>>> on
> >>>>>>>>>>>>>>>>>>> this
> >>>>>>>>>
> >>>>>>>>>>>>>>>>>>> project sir?
> >>>>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>>> Aloha!
> >>>>>>>>>>>>>>>>>>> - Jim
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>>>
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> Global-projects-committee mailing list
> >>>>> Global-projects-committee at lists.owasp.org
> >>>>> https://lists.owasp.org/mailman/listinfo/global-projects-committee
> >>>>>
> >>>>
> >>>
> >
>
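
The thread's plan of supporting SecRule "with a limited number of variables and operators", as an added Java example (not code from this thread or from owasp-java-waf). The class name, the chosen subset (ARGS, REQUEST_URI, REQUEST_HEADERS; @rx, @contains, @streq) and the map-based request model are assumptions made here; a rule outside the subset is rejected when it is loaded instead of being skipped silently.

```java
import java.util.*;
import java.util.regex.*;

public class SecRuleSubset {
    // Subset chosen for this example only; it is not the project's "Core" spec.
    static final Set<String> VARIABLES = Set.of("ARGS", "REQUEST_URI", "REQUEST_HEADERS");
    static final Set<String> OPERATORS = Set.of("rx", "contains", "streq");
    // SecRule VARIABLES "OPERATOR" "ACTIONS"   (the actions string is optional)
    static final Pattern DIRECTIVE = Pattern.compile(
        "^SecRule\\s+(\\S+)\\s+\"((?:[^\"\\\\]|\\\\.)*)\"(?:\\s+\"((?:[^\"\\\\]|\\\\.)*)\")?\\s*$");

    record Rule(List<String> targets, boolean negated, String op, String arg, String actions) {}

    static Rule parse(String line) {
        Matcher m = DIRECTIVE.matcher(line.trim());
        if (!m.matches()) throw new IllegalArgumentException("not a SecRule: " + line);
        List<String> targets = List.of(m.group(1).split("\\|"));
        for (String t : targets)                      // VARIABLE or VARIABLE:selector
            if (!VARIABLES.contains(t.split(":", 2)[0]))
                throw new IllegalArgumentException("unsupported variable: " + t);
        String spec = m.group(2);
        boolean negated = spec.startsWith("!");       // "!@op" inverts the operator result
        if (negated) spec = spec.substring(1);
        String op = "rx", arg = spec;                 // no @name means @rx
        if (spec.startsWith("@")) {
            String[] p = spec.substring(1).split("\\s+", 2);
            op = p[0];
            arg = p.length > 1 ? p[1] : "";
        }
        if (!OPERATORS.contains(op))
            throw new IllegalArgumentException("unsupported operator: @" + op);
        return new Rule(targets, negated, op, arg, m.group(3) == null ? "" : m.group(3));
    }

    // request maps collection name -> (key -> value); REQUEST_URI uses the key "".
    static boolean matches(Rule r, Map<String, Map<String, String>> request) {
        for (String t : r.targets()) {
            String[] p = t.split(":", 2);
            for (Map.Entry<String, String> e : request.getOrDefault(p[0], Map.of()).entrySet()) {
                if (p.length == 2 && !e.getKey().equalsIgnoreCase(p[1])) continue;
                boolean hit = switch (r.op()) {
                    case "rx" -> Pattern.compile(r.arg()).matcher(e.getValue()).find();
                    case "contains" -> e.getValue().contains(r.arg());
                    default -> e.getValue().equals(r.arg());   // streq
                };
                if (hit != r.negated()) return true;
            }
        }
        return false;
    }

    public static void main(String[] args) {
        // Constructed rule and request, for illustration only.
        Rule r = parse("SecRule ARGS|REQUEST_HEADERS:User-Agent \"@contains <script\" \"id:1,phase:2,deny\"");
        var req = Map.of("ARGS", Map.of("q", "<script>alert(1)</script>"),
                         "REQUEST_HEADERS", Map.of("User-Agent", "constructed-client/1.0"));
        System.out.println("rule 1 matches: " + matches(r, req));
        try { parse("SecRule TX:score \"@gt 5\" \"id:2,deny\""); }
        catch (IllegalArgumentException e) { System.out.println("rejected at load: " + e.getMessage()); }
    }
}
```

Rejecting unsupported rules at load time matters for a partial port: a rule set such as the CRS that loads without errors but has rules quietly dropped gives less coverage than its operator believes.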