[Owasp-leaders] Adding OWASP ModSecurity CRS to OWASP Live CD
bradcausey at owasp.org
Mon Jan 23 15:21:54 UTC 2012
Sounds like your site admin sucks.
On 1/21/12, Matt Tesauro <mtesauro at gmail.com> wrote:
> First, apologies are due you - I did see your email a while ago and meant
> to reply much sooner. Changing jobs and generally trying to catch up on my
> life at home has left me little free time. In all honesty, I barely kept
> up with my OWASP Board work between November and December. Luckily my
> fellow board members didn't mind picking up my slack for a bit. And I
> still owe Dan Cornell a reply about the Live CD as well.
> About the post on the AppSecLive.org site: Apparently spammer and black
> hat SEO schmucks have figured out how to get past the CAPTCHA I was using
> and your request got buried in a ton of watch and certification cruft which
> mucked up my site. I nuked a bunch of bogus looking users and forced admin
> approval for new users to keep them at bay. That part of the project
> also needs some attention desperately.
> About your class and a mod_security ISO to use in VMware: I'd very much
> suggest you use the September 2011 release of OWASP WTE (the new name for
> the Live CD). I have VMs already setup for VMware and Virtualbox (also
> reported to work on Parallels too).
> You can grab them here:
> <aside> yes, I know directory indexing is on for that directory - it's
> Free and Open Source stuff for crying out loud! ; ) </aside>
> Also, as luck would have it, I've agreed to do two OWASP chapter talks on
> WTE + Cloud so I'll be reviewing the .debs that make up WTE and updating
> any of them that need it in February. If you have decent setup
> instructions for Apache + mod_security + CRS, I can probably wrap those
> into a .deb and add that to the WTE repository.
> Contact me off list and we can bat ideas back and forth to find something
> that works for both of us. I'm sure we can trade war stories about getting
> a classroom of VMs up and going.
> -- Matt Tesauro
> OWASP Board Member
> OWASP WTE Project Lead
> http://AppSecLive.org - Community and Download site
> On Sat, Jan 21, 2012 at 8:36 AM, Ryan Barnett <ryan.barnett at owasp.org> wrote:
>> I will be giving a virtual patching training session at the AppSecDC 2012
>> conf -
>> In the class, we will be front-ending WebGoat with a ModSecurity reverse
>> proxy server and then attempt to virtually patch as many of the lessons as
>> possible. For the class, I was planning to use the OWASP Live CD iso
>> in VMware. When teaching this class previously, the students then had to
>> manually install Apache, ModSecurity and the OWASP ModSecurity CRS. What
>> I would rather have is for these items to already be pre-installed on the
>> OWASP Live CD image.
>> I am sending this note to the leaders list as I have previously tried to
>> contact the project leaders via email and the user forums -
>> http://appseclive.org/content/add-modsecurity-and-owasp-crs - but have
>> not gotten any responses.
>> If anyone can help me get this request moving forward, it would be much
>> Ryan Barnett
>> OWASP ModSecurity Core Rule Set Project Leaders
Sent from my mobile device
CISSP, MCSE, C|EH, CIFI, CGSP
"Si vis pacem, para bellum"