Greetings everyone, Please excuse the cross-posting but I wanted to make sure that everyone saw this post. We are going to start an initiative to re-architect the OWASP ModSecurity Core Rule Set. We, SpiderLabs, want this to be a "community-based" effort where we openly discuss various methods of architecting the CRS so that they provide the most value. Here are a few goals -
1. To make the CRS more accurate – which means to significantly reduce the # of false positives. Most users want to move to a blocking mode but can't until they are comfortable with the accuracy of the rules.
2. To make exceptions easier – there are a number of scenarios where exceptions need to be made to exclude certain parameters or URLs from inspection.
3. To increase the security coverage – which means to reduce the # of false negatives. We don't want to miss any legitimate attacks.

We will be starting a string of discussion threads on the OWASP ModSecurity CRS mail-list - https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

If you would like to participate in this project – I suggest that you sign up for the mail-list. We want feedback from all different types of ModSecurity users – home users, corporate users, government, education, hosting providers, etc… Let us know what your challenges are so that we can fix them!

--
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader

________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

_______________________________________________
Owasp-modsecurity-core-rule-set mailing list
Owasp-modsecurity-core-rule-set@lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
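The second goal in the post above (excluding certain parameters or URLs from inspection) is what ModSecurity 2.x already exposes through its rule-exclusion directives and the `ctl` action. The configuration below is an added illustration, not part of Ryan Barnett's message or of the CRS project's own files. The rule id 999999 is a placeholder for whichever CRS rule is producing the false positive, and the URL paths, the parameter name `bio` and the local rule ids 1000001/1000002 are constructed for this example.

```apache
# Added example (not from the original post): three ways to carve an exception
# out of the CRS in ModSecurity 2.x without switching the engine off.
# 999999 = placeholder id of the CRS rule that misfires; replace with the real id
# taken from the audit log entry that triggered the false positive.

# 1. Global exclusion: stop rule 999999 from inspecting one parameter on every
#    request. Must appear AFTER the Include lines that load the CRS, because the
#    directive edits a rule that has to exist already.
SecRuleUpdateTargetById 999999 "!ARGS:bio"

# 2. URL-scoped exclusion: a phase-1 rule (evaluated before the CRS request
#    rules in phase 2) that removes the parameter from rule 999999 only for
#    requests under /app/profile. Narrower than (1): other URLs stay covered.
SecRule REQUEST_URI "@beginsWith /app/profile" \
    "id:1000001,phase:1,pass,nolog,t:none,ctl:ruleRemoveTargetById=999999;ARGS:bio"

# 3. Coarsest option: disable rule 999999 entirely for one legacy path. Prefer
#    (2) whenever the false positive comes from a single parameter, since this
#    form removes the rule's coverage for every parameter on that path.
SecRule REQUEST_URI "@beginsWith /app/legacy-editor" \
    "id:1000002,phase:1,pass,nolog,t:none,ctl:ruleRemoveById=999999"
```

After adding an exception, re-send the request that originally tripped the rule and confirm that the audit log no longer records rule 999999 for it, then check that an obviously malicious value in a different parameter on the same URL is still caught; the second check is what separates a targeted exception from a silent loss of coverage.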