[TYPO3-project-waf] WAF project: brainstorming

Dmitry Dulepov dmitry.dulepov+t3ml at gmail.com
Tue Jan 26 09:08:30 CET 2010


Hi!

On behalf of the security team I would like to start brainstorming 
for the WAF project. My ideas about this project are:
- it uses mod_security2 as a backend
- it contains a freely downloadable basic rule set
- rule set will be updated as often as necessary
- rule set will contain rules to prevent known and possible future attacks
- WAF is NOT a replacement for TYPO3 security updates, it is a 
prevention and rescue solution, not a tool to use instead of security 
updates

Currently interested users (possible contributors) in alphabetical order:
- Dmitry Dulepov
- Markus Krause
- Xavier Perseguers

The list above does NOT mean we create a closed circle from these three 
people. Anyone can contribute by posting his ideas, requirements, rule 
suggestions to this list! (But, please, do not post rules yet, just 
ideas, please!). The list above shows people who were interested in 
this project in the past month.

What is required from contributors?
- knowledge of common attacks (SQLi, XSS, etc.)
- knowledge of mod_security2
- certain amount of enthusiasm
- some free time to dedicate to this project

You are welcome to comment :)

-- 
Dmitry Dulepov
"Trust me, I am a doctor!" (c) Gregory House, M.D.


