Re: [Mod-security-developers] Interesting Project for a 6-month Internship
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [Mod-security-developers] Interesting Project for a 6-month Internship
|
From: Christian F. <chr...@ti...> - 2012-09-11 22:39:25
|
Hi Martin, An open-source cookie-store module for Apache would be awesome. Ideally, this would be a feature in ModSecurity or a standalone module. By cookie store I mean a piece of logic / store, that consumes Set-Cookie Response headers from the backend application (typically in a reverse proxy setting) and stores the cookies in a local session. The client no longer sees the cookies. But when the client issues a request, the cookies are attached to his request according to their definition (domain, path, secure-flag, expiry) again. So for the application, this is transparent and an attacker is no longer able to steal the cookies from the client anymore. Cheers, Christian On Wed, Sep 12, 2012 at 12:10:58AM +0200, Martin Haug wrote: > Hello, > I'm doing a 6-month Internship starting on 1.3.2013. In this i will > develop a Project of my own. I now have to submit a proposal for the > Project. > I don't have a good Idea yet, but it would be nice, if I could work with > an interesting Open Source Project, so my Question is if you have some > Feature on your Wishlist witch you always wanted but nobody implements > it and which is suitable for a 6-month internship. > > The Project has to be Security-related, but I can use a broad Definition > of "Security". :-) > Best Regards, > Martin Haug > > _________________________________________________________________ > Free-Mail Postfach (bis zu 10 GB E-Mail-Speicher) > SMS, MMS, Fax und vieles mehr - http://www.smart-mail.de > > > ------------------------------------------------------------------------------ > Live Security Virtual Conference > Exclusive live event will cover all the ways today's security and > threat landscape has changed and how IT managers can respond. Discussions > will include endpoint security, mobile security and the latest in malware > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ > _______________________________________________ > mod-security-developers mailing list > mod...@li... > https://lists.sourceforge.net/lists/listinfo/mod-security-developers > ModSecurity Services from Trustwave's SpiderLabs: > https://www.trustwave.com/spiderLabs.php |
