You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have an exciting project on the table, and we're looking to engage the collective brilliance of this community. We're seeking contributions from individual engineers, open-source enthusiasts, or even companies interested in helping fortify web application security.
Objective
We aim to build a robust OWASP Coraza Web Application Firewall (WAF) connector that integrates seamlessly with NGINX. This connector will act as a vital link between the NGINX server and the Coraza WAF, effectively enhancing the security capabilities of web applications.
Requirements
The connector should be primarily written in C and interact with libcoraza, the C wrapper for Coraza coded in Go. However, we're also open to building the connector using Rust, given its reputation for memory safety and performance, while maintaining the connection to libcoraza.
Desired Skills
Proficiency in C programming and/or Rust.
Solid understanding and hands-on experience with NGINX modules.
Familiarity with Web Application Firewalls (WAFs), specifically OWASP Coraza or ModSecurity.
Technical Details
The implementation of the connector should meet the following requirements:
Support for all 5 Phases: The connector should be able to handle request headers, request body, response headers, response body, and logging.
Directive Invocation: The implementation must invoke directives from the NGINX configuration.
Support for Reloading: The connector should support NGINX configuration reloading without service interruption.
Config Merging: The implementation must support merging configurations, such as nested locations with different configurations.
Support
We are committed to actively support throughout the project, especially in understanding and integrating with libcoraza. Our team is equipped to provide clarifications, technical insights, and testing support to ensure the project's success.
Open Invitation
This call is open to everyone - from individual open-source enthusiasts to larger organizations that can contribute. If you are interested in participating in this project, please comment here.
This is a great chance to contribute to an essential security feature for our WAF, work with advanced technologies, and be a part of the effort to create a safer web environment.
We eagerly anticipate your innovative ideas and valuable contributions.
Thanks & Best Regards,
Juan Pablo Tosso & the Coraza Team
Chiming in from the OWASP ModSecurity Core Rule Set team: We are 100% behind this and we have also set aside some funds for this. It's not much, but it's enough to get you going.
Hello everyone,
We have an exciting project on the table, and we're looking to engage the collective brilliance of this community. We're seeking contributions from individual engineers, open-source enthusiasts, or even companies interested in helping fortify web application security.
Objective
We aim to build a robust OWASP Coraza Web Application Firewall (WAF) connector that integrates seamlessly with NGINX. This connector will act as a vital link between the NGINX server and the Coraza WAF, effectively enhancing the security capabilities of web applications.
Requirements
The connector should be primarily written in C and interact with libcoraza, the C wrapper for Coraza coded in Go. However, we're also open to building the connector using Rust, given its reputation for memory safety and performance, while maintaining the connection to libcoraza.
Desired Skills
Technical Details
The implementation of the connector should meet the following requirements:
Support
We are committed to actively support throughout the project, especially in understanding and integrating with libcoraza. Our team is equipped to provide clarifications, technical insights, and testing support to ensure the project's success.
Open Invitation
This call is open to everyone - from individual open-source enthusiasts to larger organizations that can contribute. If you are interested in participating in this project, please comment here.
This is a great chance to contribute to an essential security feature for our WAF, work with advanced technologies, and be a part of the effort to create a safer web environment.
We eagerly anticipate your innovative ideas and valuable contributions.
Thanks & Best Regards,
Juan Pablo Tosso & the Coraza Team
References:
The text was updated successfully, but these errors were encountered: