January monthly meeting agenda #991

CRS-migration-bot · 2020-05-13T13:43:25Z

Issue originally created by user spartantri on date 2018-01-02 03:51:34.
Link to original issue: SpiderLabs/owasp-modsecurity-crs#991.

Happy 2018 to everyone!

Here are some items to discuss during our monthly chat:

ML seems to be broken. This has been escalated to OWASP HQ by dune73 today.
PR REQUEST-944-APPLICATION-ATTACK-JAVA.conf #990: Java attacks : ready for review
PR added regression test for 942490 #989
PR Rules for Dokuwiki. #983 - dune73 failed to test and merge this. Sorry.
PR Rules for NextCloud installs (and possibly OwnCloud). #982 - dune73 failed to test and merge this. Sorry.
PR Make travis tests fail if Apache can't load rules #977
PR for the serilize object injection, it should be 933170 instead of 933150 #926 - fix for 920390, and also need to add setvar:tx.total_arg_length=10"… #949 from azhao155 regarding the tests
PR Command substitution backquoted version support #896
PR Create REQUEST-944-APPLICATION-ATTACK-JAVA.conf #881
Issues generally: As mentioned last month we have a problem with open issues that we do not solve. We need a plan. (-> brought up by dune73)
Issue Definition of the remaining Policies for Best Practices Accreditation #986: Testing policy definition
Issue 921100 incorrectly forbids "," (commas) in Transfer-Encoding #974: Consider what to do with 921100 incorrectly forbids "," (commas) in Transfer-Encoding #974, pt 3.
Issue cPanel whm-server-status FP report #731: Get down to business with this issue - open for over a year
spartantri: Had no time to do the check on t:lowercase vs rx ?i
New rule idea by spartantri: File upload check rules, I wrote today a new set of rules (~10) to do some checks on files (images and docs) to check if they are really the type of file and not a exe (MZ, ELF) in disguise (https://github.com/spartantri/owasp-modsecurity-crs/blob/v3.1/devFileUpload/rules/REQUEST-914-FILE-DETECTION.conf), it may be an interesting addition, currently at PL2 but may fit better in PL3 due to use of SecUploadKeepFiles, FILES_TMP_CONTENT, SecStreamInBodyInspection and STREAM_INPUT_BODY if that is a problem or had the one rule using the stream commented by default (libmodsec 3 incompatibility)
We have a volunteer who would like to shift all rules that fit into phase 1 into phase 1.
AppSecEU has been moved from Israel to UK and shifted to match the dev summit two weeks earlier. This would thus be perfect for our planned little CRS summit. dune73 is in charge of this.
dune73 is doing a ModSec/CRS/NGINX webinar with O'Reilly on January 9. Subscription is free, the slides will be shared afterwards.
dune73 wrote a blog post about the development of the CRS project on the OWASP blog in December: https://owasp.blogspot.ch/2017/12/core-rule-set-evolution-of-an-owasp-project.html

CRS-migration-bot · 2020-05-13T13:43:27Z

User fzipi commented on date 2018-01-02 13:41:08:

Merge the PRs from azhao155.
Testing policy definition (from Definition of the remaining Policies for Best Practices Accreditation #986)

CRS-migration-bot closed this as completed May 13, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

January monthly meeting agenda #991

January monthly meeting agenda #991

Uh oh!

Uh oh!

January monthly meeting agenda #991

January monthly meeting agenda #991

Comments

Uh oh!