Christian Folini

OWASP CRS is the dominant open source web application firewall (WAF) rule set that powers countless servers, commercial WAFs and runs on many CDNs and cloud platforms.  Yahoo and Intigriti helped OWASP CRS organize a three week bug bounty program in Spring 2022. A well prepared earlier attempt had not given any results, literally zero …

What we learnt from our bug bounty program: It’s not for the faint of heart Read More »

We're excited to announce a new partnership with Edgio, a leading provider of edge security solutions, that was formed by the combination of Limelight and Edgecast. Edgio is a trusted partner for organizations looking to protect their digital assets. Its holistic suite of security solutions protects the confidentiality, integrity and availability of web applications and …

CRS Welcomes Edgio as Gold Sponsor Read More »

On February 14, the CRS community will meet at the Dublin Convention Center for the 2023 CRS Community Summit, the first summit after the pandemic. REGISTRATION It has been a while since last we met and many things have happened since. So, there is a lot to talk about. We start at 9 am local …

Registration for the OWASP CRS Community Summit 2023 – Dublin, Feb 14 Read More »

The log4j mess allowed everybody to see security shortcomings of the IT industry on a big scale. It also shed light on the shortcomings of the WAF market, a highly contested field with a myriad of commercial players and - well - us, the OWASP ModSecurity Core Rule Set (CRS), the only general purpose open …

Comprehensive View of the WAF Market From an Open Source Perspective Read More »

It's time to talk about the ModSecurity engine and to introduce you to Coraza, a new contender on the WAF front. Any rule set is nothing without a WAF engine to run it, so even if our project is focused on the rules, we need to look at the underlying engine(s) from time to time. …

Talking about ModSecurity and the new Coraza WAF Read More »