Noël,

On Thu, Jan 07, 2016 at 08:34:31PM +0100, Noël Zindel wrote:
> Nevertheless, I seem to understand the basics and I’m highly motivated to dig 
> deeper.

That's the spirit. Any project has tasks for newbies and this
is no different. Glad to have you in my team.

> Reading through the tasks it appears to me that a good part requires at least 
> an intermediate understanding of ModSec and the CRS -
> even though comparing the two rulesets and documenting the project should be 
> possible even for me; I’ll sign up for that as soon as I have access to the 
> wiki.

Pick something of your choice. If you are any good at drawing, 
"Draw flowchart" would be a good choice.
"Write new stricter siblings for existing rules" should meet your
level of expertise just as well. You could start and play around
with 981173 immediately: copy the rule under a new ID and make
it stricter / paranoid. Once this is done, try and make sure a
uuid is no longer triggering the rule (-> whitelist uuid format
to circumvent the rule; this uuid false positive is a speciality 
of 981173).

More candidates will pop up as we progress.

Best,

Christian

> 
> I see myself more as additional “computing power”. So, if you need help with 
> anything or got a task for me, let me know.
> Just answer right here or ping me at mail(at)noelzindel(dot)org.
> 
> Regards,
> Noël
> 
> 
> > On 07 Jan 2016, at 08:54, Christian Folini <christian.fol...@netnea.com> 
> > wrote:
> > 
> > Dear all,
> > 
> > As mentioned in my previous response to Walter, I got enough
> > feedback to form a little team to work on this.
> > 
> > We created a wiki page on the OWASP wiki under the CRS
> > page:
> > 
> > https://www.owasp.org/index.php/OWASP_ModSec_CRS_Paranoia_Mode
> > 
> > I linked to this page from the main CRS page, where I introduced
> > a section about the upcoming 3.0.0 release.
> > 
> > We will try and document our work on this new CRS mode on the
> > said wiki page. Technical discussions are supposed to be held
> > in public, likely on this mailing list for future archiving.
> > 
> > More helping hands are still welcome. You can join
> > formally by sending me a message, or you can take part in the
> > discussions here or on the wiki.
> > 
> > Cheers,
> > 
> > Christian Folini
> > 
> > 
> > 
> > --
> > Those who would give up Essential Liberty to purchase a little
> > Temporary Safety, deserve neither Liberty nor Safety.
> > -- Benjamin Franklin
> > _______________________________________________
> > Owasp-modsecurity-core-rule-set mailing list
> > Owasp-modsecurity-core-rule-set@lists.owasp.org
> > https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> 
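
An added illustration of the 981173 exercise suggested above (not part of the original message, and not CRS code): it assumes the rule fires when a parameter value contains 4 or more characters from a set of special characters, which is why the four hyphens of a UUID are enough to trigger it. The character class, both thresholds and all function names are assumptions made for this sketch.

```python
import re

# Assumption: a character class modelled on the special-character counting
# idea behind rule 981173; it is not copied from the rule file.
SPECIAL = re.compile(r"""[~!@#$%^&*()\-+={}\[\]|:;"'`<>]""")

# Canonical 8-4-4-4-12 hex UUID. Used with fullmatch() so that only a value
# that is *entirely* a UUID is exempted, never a UUID with a payload appended.
UUID = re.compile(
    r"[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}"
)

BASE_LIMIT = 4    # assumed threshold of the existing rule
STRICT_LIMIT = 2  # hypothetical threshold for the stricter sibling


def count_special(value: str) -> int:
    """Number of special characters found in a parameter value."""
    return len(SPECIAL.findall(value))


def triggers(value: str, limit: int, exempt_uuid: bool = False) -> bool:
    """True when the value would trigger a rule with the given threshold."""
    if exempt_uuid and UUID.fullmatch(value):
        return False
    return count_special(value) >= limit


def evaluate(value: str) -> dict:
    """Compare the base rule, the strict sibling, and the sibling with the
    UUID exemption for one parameter value."""
    return {
        "count": count_special(value),
        "base": triggers(value, BASE_LIMIT),
        "strict": triggers(value, STRICT_LIMIT),
        "strict_uuid_exempt": triggers(value, STRICT_LIMIT, exempt_uuid=True),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from real traffic.
    samples = [
        "550e8400-e29b-41d4-a716-446655440000",
        "550e8400-e29b-41d4-a716-446655440000' OR '1'='1",
        "O'Brien-Smith",
        "hello world",
    ]
    for s in samples:
        print(f"{s!r}: {evaluate(s)}")
```

The second sample shows why the exemption has to match the whole value: a UUID followed by extra characters is still counted and still triggers the stricter sibling.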



