Walter Hop

Announcement: OWASP ModSecurity Core Rule Set Version 3.2.0

The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of the OWASP ModSecurity Core Rule Set Version 3.2.0. The new release is available for download at https://coreruleset.org/installation/. This release represents a very big step forward in terms of both capabilities and protections, including: Improved compatibility with ModSecurity 3.x; Improved CRS …


Announcement: OWASP ModSecurity Core Rule Set Version 3.2.0-RC2

The OWASP ModSecurity Core Rule Set team is proud to announce the general availability of release candidate 2 for the upcoming CRS v3.2.0. The new release is available at https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0-rc2.zip and https://github.com/SpiderLabs/owasp-modsecurity-crs/archive/v3.2.0-rc2.tar.gz. This release represents a very big step forward in terms of both capabilities and protections, including: Improved compatibility with ModSecurity 3.x; Improved CRS docker …


How the CRS optimizes regular expressions

As many of you have noticed, the Core Rule Set contains very complex regular expressions. See for example rule 942480:

(?i:(?:\b(?:(?:s(?:elect\b.{1,100}?\b(?:(?:(?:length|count)\b.{1,100}?|.*?\bdump\b.*)\bfrom|to(?:p\b.{1,100}?\bfrom|_(?:numbe|cha)r)|(?:from\b.{1,100}?\bwher|data_typ)e|instr)|ys_context)|in(?:to\b\W*?\b(?:dump|out)file|sert\b\W*?\binto|ner\b\W*?\bjoin)|…

These regular expressions are assembled from a list of simpler regular expressions for efficiency reasons. See regexp-942480.data for the source expressions which were combined to form this expression. A single optimized regular expression test …


Join us on the OWASP Slack!

Are you interested in hanging out with the CRS developers? Giving your input on CRS development issues? Chatting about the wonderful world of WAFs? Then this is your chance! At OWASP AppSecEU 2018, we have started the #coreruleset channel in the OWASP Slack. This has turned out to be a good place for exchanging ideas …


ModSecurity version 2.9.2 released

Trustwave has released ModSecurity version 2.9.2. This is an important update for users of the Core Rule Set. To detect SQL and XSS injections, CRS relies in part on the libinjection library by Nick Galbreath. This library is bundled with ModSecurity. It is regularly updated to address new types of injections. Therefore, to have optimal …
