We are back with the CRS project news. The news are running very, very late in the month as I’ve been held up with other projects. What has happened in recent weeks Miyuru Sankalpa has started to publish a transformed GeoIP database in the legacy format readable by ModSecurity 2.x under a creative commons. This …
We are back with the CRS project news. We’re attending the Cloudfest Hackathon in March in Germany and we have plans for another CRS Community Summit at the new OWASP AppSec Global conference in Tel Aviv at the end of May (formerly OWASP AppSecEU). What has happened in recent weeks We have reached 1500 stars …
I hope everybody has a few calm days to finish the year. CRS is finishing the year enjoying the 3.1 release and an adjustment to the PHP rules that closes a nasty hole in the detection. What has happened in recent weeks CRS 3.1 has been released bringing new rules to detect Java injections and …
The OWASP Core Rule Set team is happy to announce the CRS release v3.1.0 at last. A wee bit over 2 years in the making, this major release represents a big step forward in terms of capabilities, usability and protection. Key features include: * A new set of rules defending against Java injections * Initial …
Announcement: OWASP ModSecurity Core Rule Set Version 3.1.0 Read More »
The plan is to do this newsletter every month, but it’s already November. The reason is the pending 3.1 release, so I waited for the release to happen and then it did not and suddenly October was over. But now we have a 3.1-RC2 and a strong belief that 3.1 will come out for good …
We skipped the monthly news in August as the 3.1-RC release had been delayed into September. But here we go again with the mostly monthly newsletter of the CRS project. The most important news is the publication of the release candidate 1 for CRS 3.1. What has happened in recent weeks CRS 3.1 RC1 has …
This is a guest piece by Jamie Riden / @pedantic_hacker. Jamie has been doing penetration tests, secure development training and security code review since 2010 – and other kinds of computer-wrangling for much, much longer. Having been a systems engineer, a coder and now a pen-tester, I’d like to take a brief moment of your …
Some Thoughts on why Web Application Firewalls Really Make a Difference Read More »
Chris Romeo from the AppSec Podcast did an interview with our own Christian Folini during the AppSecEU conference in July. The 25min interview has been published lately. The interview discusses the project itself, the upcoming 3.1 release, plans to expand beyond ModSecurity and CRS fits into agile development. Here is the link to the interview: …
AppSec Podcast Interviewing CRS Project Co-Lead Christian Folini Read More »
We are launching the monthly news anew. The idea is to look beyond the pure CRS development again and to bring you additional information that touch on our project. As the editor, I (-> Christian Folini) am planning to release this in the first half of the month. This did not work in July, though, …
This is a brief coverage of the CRS Community Summit during AppSecEU in London last week. Over 25 people followed our call for this first face to face meeting of the CRS developer team (6 of 10 developers with commit rights in the same room!) and the community. We have been very happy to have …
Reporting from the First CRS Community Summit in London Read More »