WebApp Sec mailing list archives
Re: mod_security rule database
From: NightHawk <nighthawk () easyservermanagement com>
Date: Fri, 31 Oct 2003 13:23:56 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I think that is a wonderful idea, anytime everyone pools thier knowledge I feel it is an advantage to the community as a whole. It will be especially usefull to newer admins who otherwise might never try modsecurity (due to fear of learning curve). NH On Friday 31 October 2003 12:25 pm, Ivan Ristic wrote:
I have this idea about creating a mod_security rule database, similar to what the Snort folks have. My very rough notes are available here: http://www.modsecurity.org/download/modsec-ruledb.txt I am well aware of the VulnXML and OASIS WAS efforts but I feel the focus of the mod_security rule database would be different. I want to create something really easy to use, a tool that would help people protect themselves (automatic updates perhaps). For example, accessing an URL such as: http://www.modsecurity.org/rules/download/phpgroup/php/4.3/ would produce rules to patch PHP 4.3 vulnerabilities. Would someone care to contribute an opinion on this subject?
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE/oqi8b58ZIoF+byQRAmDeAJ935jAvvDTR99LKJgiQ9qLDSFKXEQCglFFh UEkG8WZASPSoScS1nH7Gn7k= =LhPs -----END PGP SIGNATURE-----
Current thread:
- mod_security rule database Ivan Ristic (Oct 31)
- Re: mod_security rule database NightHawk (Oct 31)