Thread: [Mod-security-developers] More about ModSecurity version 3
From: Felipe C. <FC...@tr...> - 2016-01-04 17:10:02

Hi Guys,

Not sure if you had the opportunity to see, recently I made two blog posts about the libModSecurity, available here:

Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com<http://www.trustwave.com/>

________________________________
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

From: Felipe C. <FC...@tr...> - 2016-01-04 17:11:37

Missing links:

https://www.trustwave.com/Resources/SpiderLabs-Blog/An-Overview-of-the-Upcoming-libModSecurity/
https://www.trustwave.com/Resources/SpiderLabs-Blog/ModSecurity-Python-Bindings--Parsing-ModSecurity-rules-from-Python/

Br.,
Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com<http://www.trustwave.com/>

From: Christian F. <chr...@ti...> - 2016-01-07 10:33:51

Felipe,

Thank you for the links. In fact I missed the posts (despite your previous announcement). They are advertised on the ModSec website, but I tried to see them via http://blog.spiderlabs.com/modsecurity but the ModSecurity tag is missing on the posts. So glad you linked them here on the mailing lists too.

I like the overview presented in the libModSecurity blogpost. It extends on the things I understood so far and makes a good point why this step means a very big opportunity. Modularity is key for successful development (with known exceptions). So I wish you good luck in attracting more help to finish the job. It would be sweet, if we could see more community development happening in the ModSecurity code.

Did I get it correctly, that libModSecurity is no longer written in C, but in C++? Does that extend on the connectors too?

Community testing: You ask for testers and I think this is an important point. Hopefully you get the necessary beta testers. However, by focusing on nginx, you cut yourself from a big part of the ModSecurity audience. But those who do the work get to make the decisions. So this is a reasonable choice. And in fact, I understand your reasoning (the problems with ModSec 2.x were the most striking with the nginx port, among other reasons) but it might prove problematic.

The Python Rule Import blogpost is even cooler. I did not think of this before. I know that there are options to do this with the Core Rules on nginx already, but now that it seems to become available for my platform as well, my mind is spinning madly thinking about use cases. This is really neat.

Please keep us posted on the progress of the work.

Best,

Christian

P.S. You used to plan for a community meeting in December. That did not happen. Any new plans for the next meeting?

--
Learn this lesson, that to be self-contented is to be vile and ignorant, and that to aspire is better than to be blindly and impotently happy.
-- Edwin Abbott Abbott

From: Felipe C. <FC...@tr...> - 2016-01-18 14:00:24

Hi Christian,

Comments in-line.

On 1/7/16, 7:33 AM, "Christian Folini" <chr...@ti...> wrote:

>Felipe,
>
>Thank you for the links. In fact I missed the posts (despite your
>previous announcement). They are advertised on the ModSec website,
>but I tried to see them via http://scanmail.trustwave.com/?c=4062&d=oL-O1iYOmSpv8oTEXO4IfnQS5FvxlTBsaW0f25tBow&s=5&u=http%3a%2f%2fblog%2espiderlabs%2ecom%2fmodsecurity
>but the ModSecurity tag is missing on the posts.

I will investigate with the Blog admin to see what happened. In fact, the announcement at ModSecurity.org should only show the blog posts with the ModSecurity tag. It seems like it is announcing all SpiderLabs' blog posts.

>Did I get it correctly, that libModSecurity is no longer
>written in C, but in C++? Does that extend on the connectors too?

The core itself is written in C++. But there is a C interface as well. The connectors can be written in C++ or C. Also, it can be extended via bindings to script languages, such as Python [https://github.com/SpiderLabs/ModSecurity-Python-bindings].

The library API documentation is written together with the code, following a style that can be understood by Doxygen. As you can see in the examples below:

https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/headers/modsecurity/modsecurity.h#L149-L223
https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/src/transaction.cc#L49-L86
https://github.com/SpiderLabs/ModSecurity/blob/libmodsecurity/headers/modsecurity/transaction.h

We do have some doxygen targets on our Makefile already, but it is something that needs to be improved.

>The Python Rule Import blogpost is even cooler. I did not think
>of this before. I know that there are options to do this with
>the Core Rules on nginx already, but now that it seems to become
>available for my platform as well, my mind is spinning madly
>thinking about use cases. This is really neat.

Yeah, that one is cool :) I guess that particular feature will extend ModSecurity adoption. The possibility to pretty-print the rules (web, console, whatever) is something that I think will be very popular. At least that is what I hope.

>Please keep us posted on the progress of the work

Sure! I want to release v2.9.1 and get back to work on ModSecurity version 3 as soon as possible.

>P.S. You used to plan for a community meeting in December. That
>did not happen. Any new plans for the next meeting?

Not only the meeting but also the release for v2.9.1. Let me make the meeting call in another email...

Br.,
Felipe “Zimmerle” Costa
Security Researcher, SpiderLabs
Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com <http://www.trustwave.com/>