Dev Retreat Topics
Christian Folini edited this page Oct 25, 2021 · 42 revisions
CRS is doing a developer retreat in Switzerland from October 23 to October 30, 2021.
This page is meant as a blackboard to add ideas.
We will need about 4-5 big projects (running 2-3 in parallel every day) plus about 8 workshop style tasks.
We distinguish between Project (-> big project) and Workshop (-> small project or workshop).
Link | Size | Description |
---|---|---|
DevRetreat21CorazaIntegration | Project | Integrating CRS into Coraza WAF |
DevRetreat21UpdateDocumentation | Project | Update CRS documentation |
DevRetreat21WriteTechnicalBlogPosts | Project | Write technical blog posts |
DevRetreat21DemoSite | Project | Set up a CRS demo site where people can test their payloads |
DevRetreat21StatusPage | Project | Status page where we test CRS integrations like Azure / AWS with our test suite and then we give them scores |
DevRetreat21AvoidCVEs | Workshop | How to avoid bypasses like the CVE we published in July - what is wrong with our development process? |
DevRetreat21PlanningWorkshop | Workshop | Planning workshop: Where do we want to go with the project |
DevRetreat21TrustwaveModSecurity | Workshop | How to cope with / profit from TW's announcement about ModSecurity's future |
DevRetreat21RuleDocTemplate | Workshop | Workshop: template for rule documentation in the rules files. The descriptions are very chaotic and can't be used in a systematic way. If the docs were systematic, tools / integrators could import them into their solution 1:1. |
DevRetreat21RequestSmugglingSSRF | Workshop | Get down to business with request smuggling: We need to do a better job here. |
DevRetreat21ModSecRecommendedRules | Workshop | Talk about replacing existing ModSec Recommended Rules |
Votes | Size | Description |
---|---|---|
| | Project | Finalize Machine Learning Plugin |
airween | Workshop | Prepare 3.4 / 4.0 release |
airween | Workshop | Write a guide on options / best practices for setting up CRS with custom rules / rule exclusions and how to perform updates (bonus points for CI/CD setup) |
| | Project | Cleanup open issues |
| | Project | Write CRS success stories |
| | Project | Create more exclusion profiles for popular CMS (Typo3? Joomla?) |
| | Workshop | Calls with / visits by existing sponsors |
| | Workshop | OWASP TOP 20 Automated Threats: rules or plugins idea for "anti automation" |
| | Workshop | Application Rule Set template (active rules based on application type, OS, etc...) |
dune73 | Workshop | Improve Sponsoring Slidedeck |
dune73 | Workshop | Move existing rule exclusions to plugins |
These are the confirmed activities:
- Monday Oct 25, 15:00: Tolkien Museum in Jenins, 75min by car.
- Monday Oct 25, dinner, Jenins, Restaurant Bündte, to be reserved.
- Wednesday Oct 27, afternoon Anna Göldi Museum, to be reserved. (The last witch burnt in Switzerland, modern museum around a very important case of Swiss history)
- Wednesday Oct 27, dinner, outside, to be reserved
- Hiking
- Swimming in a fun park (Alpamare)
- Cinema / onsite movie night with beamer
- Läderach Chocolate Museum
- Fondue: hard to find in this region, but here with a trip of 40min: http://www.fischli-aeschen.ch/restaurant.html
- Glarus Tourism: https://glarnerland.ch/en/year-round.html
- Freuler Palace https://glarnerland.ch/en/map/detail/freulerpalast-museum-des-landes-glarus-740d67b0-0d50-429c-bc12-5ed05abcfe97.html, closed from Oct 15.
- UNESCO Nature World Heritage Sardona: https://unesco-sardona.ch
- Board games