Thread: [Mod-security-developers] Interesting Project for a 6-month Internship
From: Martin H. <mar...@sm...> - 2012-09-11 22:11:54
Hello,

I'm doing a 6-month Internship starting on 1.3.2013. In this I will develop a Project of my own. I now have to submit a proposal for the Project.

I don't have a good Idea yet, but it would be nice if I could work with an interesting Open Source Project, so my Question is if you have some Feature on your Wishlist which you always wanted but nobody implements it and which is suitable for a 6-month internship.

The Project has to be Security-related, but I can use a broad Definition of "Security". :-)

Best Regards,
Martin Haug

From: Christian F. <chr...@ti...> - 2012-09-11 22:39:25
Hi Martin,

An open-source cookie-store module for Apache would be awesome. Ideally, this would be a feature in ModSecurity or a standalone module.

By cookie store I mean a piece of logic / store that consumes Set-Cookie Response headers from the backend application (typically in a reverse proxy setting) and stores the cookies in a local session. The client no longer sees the cookies. But when the client issues a request, the cookies are attached to his request according to their definition (domain, path, secure-flag, expiry) again.

So for the application, this is transparent and an attacker is no longer able to steal the cookies from the client anymore.

Cheers,
Christian

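Added example, not part of the original thread and not ModSecurity code: a small Python model of the cookie store described in the message above. The `CookieStore` class, its method names and the proxy-issued session id are assumptions made for illustration; expiry is tracked through Max-Age only (the Expires attribute is not parsed).

```python
import secrets, time
from http.cookies import SimpleCookie

class CookieStore:
    """Proxy-side jar: backend cookies are held here and never sent to the client."""

    def __init__(self):
        self.sessions = {}  # proxy session id -> {(domain, path, name): cookie}

    def new_session(self):
        sid = secrets.token_urlsafe(32)  # the only token the client ever holds
        self.sessions[sid] = {}
        return sid

    def on_response(self, sid, host, headers, now=None):
        """Consume Set-Cookie headers; return the headers the client may see."""
        now = time.time() if now is None else now
        jar, passed = self.sessions[sid], []
        for name, value in headers:
            if name.lower() != "set-cookie":
                passed.append((name, value))
                continue
            parsed = SimpleCookie()
            parsed.load(value)
            for m in parsed.values():
                key = ((m["domain"] or host).lstrip(".").lower(), m["path"] or "/", m.key)
                expires = now + int(m["max-age"]) if m["max-age"] else None
                if expires is not None and expires <= now:
                    jar.pop(key, None)  # Max-Age <= 0: backend deleted the cookie
                else:
                    jar[key] = {"value": m.coded_value, "secure": bool(m["secure"]),
                                "host_only": not m["domain"], "expires": expires}
        return passed

    def on_request(self, sid, host, path, is_https, now=None):
        """Build the Cookie header value to attach to the proxied request."""
        now = time.time() if now is None else now
        jar, pairs = self.sessions.get(sid, {}), []
        for key, c in list(jar.items()):
            domain, cpath, name = key
            if c["expires"] is not None and c["expires"] <= now:
                del jar[key]  # expired: drop instead of replaying
                continue
            domain_ok = host == domain or (
                not c["host_only"] and host.endswith("." + domain))
            path_ok = path == cpath or path.startswith(cpath.rstrip("/") + "/")
            if domain_ok and path_ok and (is_https or not c["secure"]):
                pairs.append(f"{name}={c['value']}")
        return "; ".join(pairs)
```

The proxy session id itself still travels to the client, so it needs the same Secure/HttpOnly handling the backend cookies would have had.
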
From: Ryan B. <RBa...@tr...> - 2012-09-11 23:11:03
Hey Martin,

Check out our GSOC page for some ideas -
- http://www.modsecurity.org/projects/gsoc/
- https://www.owasp.org/index.php/GSoC2012_Ideas#ModSecurity_Core_Rule_Set

For the rules ideas - most of these could be quickly prototyped using Lua API. Depending on the idea, some of them could/should be integrated directly into ModSecurity as C code.

Let us know if any of these ideas spark your interest.

FYI - we will probably be creating a proper Roadmap/Features page.

Cheers.

--
Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader

From: Breno S. <bre...@gm...> - 2012-09-13 13:14:27
Hello Martin,

There are many things to work on. I can give you some suggestions:
- Extend the current encryption engine to protect Cookies and input/hidden fields
- Write a Positive (Learning) engine

Thanks

Breno

From: Martin H. <mar...@sm...> - 2012-09-14 15:44:09
Hello,

I guess "Write a Positive Learning Engine" means the Task mentioned here [1]. It sounds interesting, but I must admit I didn't really get what is asked by the Project. In particular I don't really understand what the mentioned link [2] has to do with the Project. :(

I hope you can enlighten me.

Regards,
Martin Haug

[1] http://www.modsecurity.org/projects/gsoc/ "Automated Learning/Positive Security Model"
[2] http://blog.spiderlabs.com/2011/08/implementing-appsensor-detection-points-in-modsecurity.html