Open WAF Day Barcelona 2025

After coming back from Barcelona, it took me a bit to adjust to my normal timezone. It took me a while to just get my head on this post.

First of all, we would like to thank again our Open WAF day Barcelona 2025 sponsor, Harness 👏 👏 👏 Without them setting this up would have been extremely difficult.

Now, we had around 20 people stopping by in our assigned room at the magnific CCIB. The agenda ended up being:

TimeTitlePresenter(s)
09:00am - 09:15amOpen WAF Day Welcome and PresentationFelipe Zipitria
09:15am - 09:45amCrowdSec & Coraza - CrowdSourcing a WAFThibault Koechlin
09:45am - 10:15amMRTS: Testing ModSecurityErvin Hegedüs
10:15am - 10:45amCoffee Break
10:45am - 11:15amThe future of CRSFelipe Zipitria
11:15am - 11:45amImproving regular expressionsSoujanya Namburi
12:00pm - 13:30pmLunch
13:30pm - 14:15pmBreaking the Perfect HTTP Feedback Loop with Chaos FortressChristian Folini
14:15pm - 14:45pmWAFs and ObservabilityJosé Carlos Chavez
14:45pm - 15:15pmCoffee Break
15:15pm - 15:45pmBest practices operating with WAF rulesJuan Pablo Tosso
15:45pm - 16:15pm15 years behind the WAF: real-life lessons from operating WAFs at scaleAlexandre Schaff
16:15pm - 17:00pmPCI DSS WAF requirementsProject leaders + Enterprises Round Table

It was an intense journey, where we enjoyed presentations from different visions of the Industry, shared with the idea of creating a better journey for the projects. We also gave each other cross feedback, which is invaluable for every deployment and reality out there.

In summary, we did have fun and it was a nice day before the start of the amazing OWASP AppSec Barcelona 2025. Let me leave you with some pictures of the event below. See you at the next Open WAF Day! 👋

Gallery

Felipe Zipitria