After coming back from Barcelona, it took me a bit to adjust to my normal timezone. It took me a while to just get my head on this post.
First of all, we would like to thank again our Open WAF day Barcelona 2025 sponsor, Harness 👏 👏 👏 Without them setting this up would have been extremely difficult.
Now, we had around 20 people stopping by in our assigned room at the magnific CCIB. The agenda ended up being:
| Time | Title | Presenter(s) |
|---|---|---|
| 09:00am - 09:15am | Open WAF Day Welcome and Presentation | Felipe Zipitria |
| 09:15am - 09:45am | CrowdSec & Coraza - CrowdSourcing a WAF | Thibault Koechlin |
| 09:45am - 10:15am | MRTS: Testing ModSecurity | Ervin Hegedüs |
| 10:15am - 10:45am | Coffee Break | |
| 10:45am - 11:15am | The future of CRS | Felipe Zipitria |
| 11:15am - 11:45am | Improving regular expressions | Soujanya Namburi |
| 12:00pm - 13:30pm | Lunch | |
| 13:30pm - 14:15pm | Breaking the Perfect HTTP Feedback Loop with Chaos Fortress | Christian Folini |
| 14:15pm - 14:45pm | WAFs and Observability | José Carlos Chavez |
| 14:45pm - 15:15pm | Coffee Break | |
| 15:15pm - 15:45pm | Best practices operating with WAF rules | Juan Pablo Tosso |
| 15:45pm - 16:15pm | 15 years behind the WAF: real-life lessons from operating WAFs at scale | Alexandre Schaff |
| 16:15pm - 17:00pm | PCI DSS WAF requirements | Project leaders + Enterprises Round Table |
It was an intense journey, where we enjoyed presentations from different visions of the Industry, shared with the idea of creating a better journey for the projects. We also gave each other cross feedback, which is invaluable for every deployment and reality out there.
In summary, we did have fun and it was a nice day before the start of the amazing OWASP AppSec Barcelona 2025. Let me leave you with some pictures of the event below. See you at the next Open WAF Day! 👋
Gallery
Felipe Zipitria