[Owasp-modsecurity-core-rule-set] Some XSS evasions posted (and some thoughts why ModSec Core Rules users were hit on day 0)

Christian Folini christian.folini at time-machine.ch
Fri Sep 18 18:30:47 UTC 2015


There was a thing I forgot to highlight.

On Thu, Sep 17, 2015 at 04:05:12PM +0000, Chaim Sanders wrote:
> In the backend we’ve also been doing lots of revamping of our testing process. In fact leading up to ModSecurity v3 we’ve created 1000’s of test cases which will finally ground the ModSecurity development process in a solid foundation. Coupled with this we’ve been building out our buildbot infrastructure for monitoring these test both externally (for build control) and internally for performance testing.

I think this is a wonderful achievement and a very good
use of your and Felipe's time.



Real knowledge is to know the extent of one's own ignorance.
-- Confucius

More information about the Owasp-modsecurity-core-rule-set mailing list