Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rules based on OWASP 2017 RC1, update to OWASP 2017 Final? #5

Closed
autodeck opened this issue Jan 10, 2020 · 3 comments
Closed

Rules based on OWASP 2017 RC1, update to OWASP 2017 Final? #5

autodeck opened this issue Jan 10, 2020 · 3 comments
Labels
2020 Q3 Milestone 2020 Q3 enhancement New feature or request

Comments

@autodeck
Copy link

As far as I can tell, the rules seem to be based most closely on the RC1 version of the OWASP 2017 Top 10:
https://www.owasp.org/images/3/3c/OWASP_Top_10_-_2017_Release_Candidate1_English.pdf

Are there any plans to update to the final version:
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
@exequielrafaela exequielrafaela self-assigned this Jan 16, 2020
@exequielrafaela exequielrafaela added the enhancement New feature or request label Jan 16, 2020
@exequielrafaela
Copy link
Member

exequielrafaela commented Jan 16, 2020
edited
Loading

@autodeck thanks for your improvement request here, we'll most probably consider it and add it in our roadmap for this next few months.

If your requirement is urgent do not leave out of consideration the brand new (Nov 2019) wafv2 Managed rules for AWS Web Application Firewall: AWS WAF announces AWS Managed Rules (AMRs), a set of AWS WAF rules curated and maintained by the AWS Threat Research Team:

NOTE1: Currently this new WAF version it's not supported by the terraform-aws-provider they're WIP though 💪 -> hashicorp/terraform-provider-aws#11046

NOTE2: Currently supported as code via:

CC: @diego-ojeda-binbash @mpagnucco @gdmlnx @AlfredoPardo

@exequielrafaela exequielrafaela removed their assignment Feb 3, 2020
@exequielrafaela exequielrafaela added the 2020 Q1 Milestone 2020 Q1 label Feb 3, 2020
@exequielrafaela exequielrafaela added this to the 2020 Q1 milestone Feb 3, 2020
@autodeck
Copy link
Author

autodeck commented Feb 4, 2020

@exequielrafaela - Sorry for the delay - great news :) I'll keep an eye on this!

Yes I did consider the wafv2 - but as you imply - I need to be able to Terraform it.
Thanks

@exequielrafaela exequielrafaela mentioned this issue Mar 5, 2020
Closed
@exequielrafaela exequielrafaela added 2020 Q2 Milestone 2020 Q2 2020 Q3 Milestone 2020 Q3 and removed 2020 Q1 Milestone 2020 Q1 2020 Q2 Milestone 2020 Q2 labels Apr 16, 2020
@exequielrafaela exequielrafaela removed this from the 2020 Q1 milestone Apr 16, 2020
@exequielrafaela
Copy link
Member

@autodeck we'll be favouring wafv2 since terraform support is already here:

aws provider resources

Reference Module

Thanks for your time and collab here!

CC: @diego-ojeda-binbash

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
2020 Q3 Milestone 2020 Q3 enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@exequielrafaela @autodeck