TW - Vincent
The core idea is to slightly reduce the complexity of exclusions, in order to indirectly address a common objection raised by most professionals when it comes to enabling the rules....
Open-source E-commerce PHP solutions are currently facing unprecedented waves of attacks, driving a headlong rush toward SaaS platforms and putting these ecosystems at risk of collapse. We’re working to preserve...
Just to clarify - **these are not my customers**, but my peers. I’m doing this work voluntarily, to help fellow professionals who manage open-source E-commerce infrastructures and struggle with OWASP...
Hi Christian, thanks for your feedback and for taking the time to discuss it. I assume you meant moving 931130 to PL2 and not PL1. In my view, that would...
@EsadCetiner it was that:
```
# -=[ Rule Logic ]=-
# There are two different chained rules. We need to separate them as we are inspecting two
# different...
```
We have other rules on this topic, but I’m not sure you would like the approach. If you allow me to create a ruleset that uses STREAM_INPUT_BODY (not supported on...
Since we cannot rely on REQUEST_BODY (and therefore not on REQUEST_BODY_LENGTH, which depends on REQUEST_BODY) for this use case, we are missing a REQUEST_HAS_BODY variable. Would it be difficult to...