Christian Folini

A new attempt to combine the CRS with machine learning

The following is a contributing blog post by Floriane Gilliéron. You can reach Floriane via firstname dot lastname at gmail.com. My Master's thesis from EPFL tackled the challenge of using machine learning to improve the performance of a ModSecurity web application firewall, used with the OWASP Core Rule Set. The initiators of the project were


CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH)

The OWASP ModSecurity Core Rule Set (CRS) team has identified a Denial of Service vulnerability in the underlying ModSecurity engine. This affects all releases in the ModSecurity v3 release line. The vendor, Trustwave SpiderLabs, has not released an update yet. However, we are providing users with a patch for ModSecurity and a workaround if they


Introducing msc_pyparser

Let us present msc_pyparser to you. It is a Python library that lets you manipulate ModSecurity rules configuration files. ModSecurity has decent capabilities to manipulate rules at runtime, but msc_pyparser lets you manipulate the config files themselves. This is useful in many situations and the longer we use it, the more use cases pop up.


CRS Repository at New Location

We have successfully migrated our GitHub repository to a new location at https://github.com/coreruleset/coreruleset. Trustwave SpiderLabs hosted the OWASP ModSecurity Core Rule Set project under their umbrella for many years. They acted as stewards of our project and also directed it via the former lead Ryan Barnett. Yet as a formally independent OWASP project, it is
