[GPC] Presenting a new project to the OWASP : Naxsi, a WAF for NGINX

Paulo Coimbra pcoimbra at owasp.org
Thu Sep 1 13:30:56 EDT 2011


Hello Thibault,

First of all, thank you for volunteering to lead an OWASP Project.  It is
with volunteers like yourself that OWASP continues to succeed in making
application security visible.

Regarding your proposed leadership of this project, I am carbon copying the
OWASP Global Projects Committee (GPC) so that it can have the opportunity to
look at the roadmap you have sent and provide feedback. If none opposition
raises from the GPC, as I expect, I will set your project up.

Meanwhile, we recommend that every project leader or contributor creates a
wiki account, fills in there with Resume/Curriculum Vitae, Wiki
Contributions and Email Address. Those elements will help us with building a
proper idea of their technical profile and will facilitate the contact
within OWASP contributors. Please see below the tutorial¹s first paragraph
and an example.

https://www.owasp.org/index.php/Special:RequestAccount

http://www.owasp.org/index.php/Tutorial
 
http://www.owasp.org/index.php/User:Mtesauro

I will get back to you soon with more info and details.
 
Many thanks, best regards,
- Paulo

Paulo Coimbra
OWASP Project Manager <https://www.owasp.org/index.php/User:Paulo_Coimbra>

From:  Thibault Koechlin <thibault.koechlin at nbs-system.com>
Organization:  NBS System
Date:  Thu, 01 Sep 2011 19:17:54 +0200
To:  Sebastien Gioria <sebastien.gioria at owasp.org>, Paulo Coimbra
<paulo.coimbra at owasp.org>
Cc:  phu <phu at nbs-system.com>
Subject:  Presenting a new project to the OWASP : Naxsi, a WAF for NGINX

Hello,


I would like to introduce a new project to the OWASP : NAXSI.
Naxsi is a Web Application Firewall module for Nginx. It's different
from most WAFs, because it relies on a positive model, rather than the
usual negative model. The project is still very young (alpha v0.2), even
if I've been working on it (and testing it) since a few months already.
You can find more details about it here : naxsi.googlecode.com.


You will find attached the small requested presentation of the project,
as well as replies to the submission process.


A - Project : NAXSI
1 - Project Name : NAXSI (Nginx Anti Xss Sql Injection)
2 - Project Purpose/Overview : Naxsi is a WAF module Nginx, the infamous
web server / reverse proxy / ... Its goal is to protect web application
from SQL Injections, Cross Site Scripting and all "web" vulnerabilities.
3 - Project RoadMap : The project is already released (on googlecode),
and is currently in alpha version, even if we already did a lot of
testing. The next "big" steps will be to develop a web reporting
interface, as the web configuration/learning interface is already
existing.
4 - Project links : naxsi.googlecode.com
5 - Project License : GPL v2
6 - Project Leader Name : Thibault "bui" Koechlin
7 - Project Leader e-mail account : bui at nbs-system.com
8 - Project Leader wiki account :
9 - Project Contributors : Sebastien Blot, Antonin Lefaucheux, Didier
Conchaudron
10 - Project links : naxsi.googlecode.com

B - First Release
1 - Release Name : Naxsi-alpha-v0.2 (End of august, but developed since
a few months)
2 - Release Description : This is the first public version naxsi, a Web
Application Firewall Module for NGINX
3 - Release Downloadable file links :
http://naxsi.googlecode.com/files/naxsi-alpha-v0.2.tgz
4 - Release Leader : Thibault Koechlin
5 - Release Contributors : Sebastien Blot, Antonin Lefaucheux, Didier
Conchaudron
6 - Release Reviewer : Thibault Koechlin, Sebastien Blot
7 - Release Sponsors : NBS System
8 - Release Note : First public version of NAXSI !
9 - Release Main Links : naxsi.googlecode.com

Thanks for your time,

Regards,
-- 
Thibault Koechlin, IT security senior consultant
---
NBS System - L'Expertise sécurité - 140 Bd Haussmann - 75008 Paris, France
Tel: +33 1 58 56 25 90 /  Fax: +33 1 58 56 60 81




-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/global-projects-committee/attachments/20110901/d0fa6104/attachment.html 


More information about the Global-projects-committee mailing list