I think it is a little hard for a bachelor student to fulfill such a task.

2009/11/25 Holger Peine <Holger.Peine@fh-hannover.de>
Dear modsecurity users,

I'm a professor of computer science at the University of Applied
Sciences in Hanover, Germany.

Last time I checked, modsecurity did not support a cookie store (i.e.
transparently replacing one or more application cookies by one
modscecurity cookie), nor link encryption (i.e. transparently replacing
an application link by an unstructured, random-looking string
constructed by encrypting the application link) as most commercial
WAFs do.

I'm thinking whether it would be a good idea to issue implementing one
or both of these features as a bachelor's thesis. Our bachelor students
have studied computer science for two and a half years upon the start
of such thesis work, including a one-semester-course in C (though their
primary language is Java), and would get a half-day introduction to
WAFs and modsecurity at the start of their thesis work. The amount of
work they can afford is equivalent to two months of full time, starting
from the previous knowledge described above.

Do you think that implementing one (which one?) or both of the above
features suitable for such a thesis, i.e. neither clearly too difficult
nor clearly too easy for the allocated time?

Of course we would contribute the finished code (provided that it works)
to modsecurity under its usual license - we do not expect any
compensation beyond giving credit.

I'd be happy to hear your opinion on this,
Holger Peine

Prof. Dr. Holger Peine
FH Hannover, Fakultät IV, Abt. Informatik
Tel: +49(511)9296-1830  Fax: -1810 (shared, please state my name)
Ricklinger Stadtweg 120, D-30459 Hannover, Germany

Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day
trial. Simplify your report design, integration and deployment - and focus on
what you do best, core application coding. Discover what's new with
Crystal Reports now.  http://p.sf.net/sfu/bobj-july
mod-security-users mailing list
Commercial ModSecurity Appliances, Rule Sets and Support: