[Owasp-modsecurity-core-rule-set] Working on Paranoia-Mode for Core Rules 3.0.0
mail at noelzindel.org
Thu Jan 7 20:52:20 UTC 2016
Thanks Chaim, thanks Christian.
Gotcha. Will get back to you.
> On 07 Jan 2016, at 21:23, Christian Folini <christian.folini at netnea.com> wrote:
>> Reading through the tasks it appears to me that a good part requires at least an intermediate understanding of ModSec and the CRS -
>> even though comparing the two rulesets and documenting the project should be possible even for me; I’ll sign up for that as soon as I have access to the wiki.
> Pick something of your choice. If you are any good at drawing,
> "Draw flowchart" would be a good choice.
> "Write new stricter siblings for existing rules" should meet your
> level of expertise just as well. You could start and play around
> with 981173 immediately: copy the rule under a new ID and make
> it stricter / paranoid. Once this is done, try and make sure a
> uuid is no longer triggering the rule (-> whitelist uuid format
> to circumvent the rule; this uuid false positive is a speciality
> of 981173).
> More candidates will pop up as we progress.
>> I see myself more as additional “computing power”. So, if you need help with anything or got a task for me, let me know.
>> Just answer right here or ping me at mail(at)noelzindel(dot)org.
>>> On 07 Jan 2016, at 08:54, Christian Folini <christian.folini at netnea.com> wrote:
>>> Dear all,
>>> As mentioned in my previous response to Walter, I got enough
>>> feedback to form a little team to work on this.
>>> We created a wiki page on the OWASP wiki under the CRS
>>> I linked to this page from the main CRS page, where I introduced
>>> a section about the upcoming 3.0.0 release.
>>> We will try and document our work on this new CRS mode on the
>>> said wiki page. Technical discussions are supposed to be held
>>> in public, likely on this mailing list for future archiving.
>>> More helping hands are still welcome. You can join
>>> formally by sending me a message, or you can take part in the
>>> discussions here or on the wiki.
>>> Christian Folini
>>> Those who would give up Essential Liberty to purchase a little
>>> Temporary Safety, deserve neither Liberty nor Safety.
>>> -- Benjamin Franklin
>>> Owasp-modsecurity-core-rule-set mailing list
>>> Owasp-modsecurity-core-rule-set at lists.owasp.org
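Added example, not part of the original thread and not CRS project code: a Python model of the task suggested above for 981173 (copy the rule, make it stricter, then exempt the UUID format). It assumes 981173 counts special characters and fires at four or more; the character set, both thresholds and all sample values are constructed for illustration.

```python
import re

# Assumption: special characters counted by the rule (modelled on CRS 2.x 981173).
SPECIAL = set("~!@#$%^&*()-+={}[]|:;\"'`<>")

# UUID shape 8-4-4-4-12 hex. Used with fullmatch() so that only a value that is
# exactly a UUID is exempted, not a value that merely contains one.
UUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

BASE_THRESHOLD = 4    # assumed threshold of the existing rule
STRICT_THRESHOLD = 2  # hypothetical threshold for the stricter sibling


def special_count(value):
    """Number of special characters in one parameter value."""
    return sum(ch in SPECIAL for ch in value)


def rule_fires(value, threshold, exempt_uuid=False):
    """True if the modelled rule would match this value."""
    if exempt_uuid and UUID.fullmatch(value):
        return False
    return special_count(value) >= threshold


# Constructed sample parameter values.
SAMPLES = {
    "plain": "hello world",
    "date": "2016-01-07",
    "uuid": "3f2b8c1e-9d4a-4e7b-a1c2-5d6e7f8091ab",
    "uuid_plus_quotes": "3f2b8c1e-9d4a-4e7b-a1c2-5d6e7f8091ab' OR '1'='1",
}


def evaluate(samples):
    """Per sample: (base rule, strict sibling, strict sibling with UUID exemption)."""
    return {
        name: (
            rule_fires(v, BASE_THRESHOLD),
            rule_fires(v, STRICT_THRESHOLD),
            rule_fires(v, STRICT_THRESHOLD, exempt_uuid=True),
        )
        for name, v in samples.items()
    }


if __name__ == "__main__":
    for name, verdicts in evaluate(SAMPLES).items():
        print(f"{name:18} base={verdicts[0]} strict={verdicts[1]} strict+uuid={verdicts[2]}")
```

The date sample shows the cost of the stricter sibling: it adds false positives the base rule does not have, and the UUID exemption does not cover them.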