Hello Martin,

There are many stuffs to work. I can give u some suggestions:
- Extend the current encryption engine to protect Cookies and input/hidden fields
- Write a Positive (Learning) engine


Thanks

Breno

On Tue, Sep 11, 2012 at 6:10 PM, Ryan Barnett <RBarnett@trustwave.com> wrote:
Hey Martin,
Check out our GSOC page for some ideas -
- http://www.modsecurity.org/projects/gsoc/
- https://www.owasp.org/index.php/GSoC2012_Ideas#ModSecurity_Core_Rule_Set

For the rules ideas - most of these could be quickly prototyped using Lua
API.  Depending on the idea, some of them could/should be integrated
directly into ModSecurity as C code.

Let us know if any of these ideas spark your interest.

FYI - we will probably be creating a proper Roadmap/Features page.

Cheers.

--
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader





On 9/11/12 6:10 PM, "Martin Haug" <martinhaug@smart-mail.de> wrote:

>Hello,
>I'm  doing a 6-month Internship starting on 1.3.2013. In this i will
>develop a Project of my own. I now have to submit a proposal for the
>Project.
>I don't have a good Idea yet, but it would be nice, if I could work with
>an interesting Open Source Project, so my Question is if you have some
>Feature on your Wishlist witch you always wanted but nobody implements
>it and which is suitable for a 6-month internship.
>
>The Project has to be Security-related, but I can use a broad Definition
>of "Security". :-)
>Best Regards,
>Martin Haug
>
>_________________________________________________________________
>Free-Mail Postfach (bis zu 10 GB E-Mail-Speicher)
>SMS, MMS, Fax und vieles mehr - http://www.smart-mail.de
>
>
>--------------------------------------------------------------------------
>----
>Live Security Virtual Conference
>Exclusive live event will cover all the ways today's security and
>threat landscape has changed and how IT managers can respond. Discussions
>will include endpoint security, mobile security and the latest in malware
>threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>_______________________________________________
>mod-security-developers mailing list
>mod-security-developers@lists.sourceforge.net
>https://lists.sourceforge.net/lists/listinfo/mod-security-developers
>ModSecurity Services from Trustwave's SpiderLabs:
>https://www.trustwave.com/spiderLabs.php
>


________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
mod-security-developers mailing list
mod-security-developers@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-developers
ModSecurity Services from Trustwave's SpiderLabs:
https://www.trustwave.com/spiderLabs.php