This year, the OWASP ModSecurity Core Rule Set for the second time took part in the Google Summer of Code initiative. Google Summer of Code (GSoC) is a global online program focused on bringing new contributors into open-source software development. GSoC contributors work with an open-source organization of their choice on a 12+ week programming …
The OWASP ModSecurity Core Rule Set project has opened a YouTube channel. Here we plan to gather all videos that are relevant to the project. In the meantime, feel free to contact us if you think you have fitting content. And don’t forget to give a thumbs up to the videos and subscribe to the …
Question: What do programmers, security specialists and other IT nerds do on Valentine's Day? Answer: they get together for the CRS Community Summit in Ireland. As in previous years, we used the OWASP Global AppSec Conference, which this year was held in Ireland's capital, as an opportunity to call for our Community Summit on February …
A brief report on the CRS Community Summit 2023. Read More »
Team82 has published an exciting research article about bypassing web application firewalls using a specific SQL syntax that uses JSON. More information about their research can be found here. An example payload described by Team82 could be: The OWASP Core Rule Set is blocking all payloads reported by Team82 at paranoia level 2 basically just …
Franziska Bühler doesn't feel too comfortable in the limelight. The CISO of a Swiss mid-sized IT company rather likes to work through lists of hundreds of bypasses than being at the forefront. Talking to her, it gets clear quickly: Fränzi loves a challenge. “Once I set my mind to something, I follow through,” she says. …
Meet the CRS team: Fränzi, the puzzle-loving hard worker with a mission Read More »
Let the CRS project be your Valentine: The OWASP ModSecurity Core Rule Set project will hold the first post-pandemic Community Summit at the Dublin Convention Center in Ireland on Tuesday, February 14, 2023. We invite the whole CRS community, users, developers, integrators, and sponsorsto meet with us for an exchange of thoughts, technical talks, and networking. After the …
Save the Date: CRS Community Summit on February 14, 2023 Read More »
The OWASP ModSecurity Core Rule Set (CRS) project is proud to announce a new sponsoring partner: Bug Bounty Switzerland – a startup that has pioneered the collaboration with ethical hackers in Switzerland and today is Switzerland’s leading provider of bug bounty programs and public trust initiatives. Since 2022, they are the strategic partner of the National Cyber …
Bug Bounty Switzerland supports CRS as Silver sponsor Read More »
Pizza, pasta, pesto ... pineapple? This was one of the many important topics (and one of the most controversial) discussed at the CRS developer retreat 2022 in Italy. The annual CRS developer team retreat is always a highlight of the year, finally meeting face-to-face again and not just via chat. This time, the backdrop for …
Astronaut? Garbage truck driver? Electrical engineer? Metalsmith? In the end, Hungarian Ervin Hegedüs became a software developer. Within the Core Rule Set project, he contributes primarily to tool development and packaging. “New team members should above all be team players,” says Ervin. Ervin Hegedüs has had no shortage of interesting career ideas in his 51-year …
Meet the CRS team: Ervin, the gardening radio amateur in the background Read More »
He likes to play board games and the guitar, and he loves to fix bypasses to CRS rules: Italian Andrea Menin joined the Core Rule Set team in 2018. The most important requirement for anybody joining the project, he says, is to enjoy it. He never wanted to be a locomotive engineer or an astronaut, …
Meet the CRS team: Andrea, the musical man-in-the-middle Read More »