Registration for the OWASP CRS Community Summit 2024 - Lisbon, June 26

We had previously announced the date and the location of our 2024 community summit. But it’s about time to start the formal registration so we can finalize our planning. We’re meeting in the on Wednesday June 26 at the Hyatt Regency for the 2024 CRS Community Summit. This is right next to the Lisbon Conference Center where the OWASP AppSec conference is happening Thursday and Friday. REGISTRATION We will start at 09:30 local time in the room Alfama III with coffee and then talks and workshops from 10:00.

Meet the CRS team: Jozef, the cat loving father from Slovakia

Programming and entrepreneurship run in Jozef Sudolsky’s family. When he’s not working for his own web hosting company or for the CRS project, you can find him working out at the gym or in his large garden - or just playing with his daughter. His office is at the same time his daughter’s playroom. His own company, his daughter, four cats, a house, a large garden, and the CRS project keep him busy: Jozef Sudolsky aka azurit

Save the date: CRS Community Summit on June 26 in Lisbon

The CRS project will once again hold its Community Summit the day before OWASP’s Global AppSec Conference – this year in the capital of Portugal. The whole CRS community – users, developers, integrators, and sponsors – is invited to meet on Wednesday, June 26 for an exchange of thoughts, technical talks, and networking. The program is still in the making. We plan a variety of talks about CRS 4, ModSecurity and Coraza.

CRS version 4.1.0 released

Last week, we have released CRS v4.1.0. The new release is the first according to the new monthly release schedule and brings a couple of new features and fixes. It includes quality improvements via better rule linting and fixes for false positives across a handful of rules. And: new developer Esad Cetiner has joined the team intime for the 4.1 release. Read the changelog here.

New feature spotlight: Early Blocking

One of the new features added in CRS 4 is Early Blocking. This optional new setting allows blocking decisions to be made earlier than usual. How it works CRS request detection rules take place in two phases. The rules of the first phase are executed after the server has received the HTTP request line and the request headers. The rules of the second phase are executed once the request body has been received and parsed.

The OWASP CRS project mourns the death of Co-Leader Walter Hop

Walter died last week and we are at a loss of words. For CRS, he has been a wonderful friend, a strong colleague, a developer with an impressive knowledge of PHP and WordPress in particular, a very smart thinker and one of very few regex wizards. He was also a dedicated Pokemon Go player and I remember how he would go for walks in the afterhours of IT conferences to hunt for some rare beasts.

Let CRS 4 be your valentine!

What a Valentine’s Day present we have got for you: today, the Core Rule Set project is releasing CRS 4! Finally, you may say – and would be absolutely right: it took us a long time to get there. But we wanted to do it right, especially after the bug bounty program we took part in left us with over 500 individual findings in roughly 180 reports. Fixing all these needed more time than we originally thought.

Welcome the newest addition to the OWASP family: ModSecurity!

With the new year comes good news: last week, Trustwave and the OWASP Foundation have announced the agreement to transfer ModSecurity to OWASP. The transition will commence on January 25. The incubation phase of the new OWASP ModSecurity project will focus on the establishment of a development community to lay the basis for a successful continuation of the project under the new stewardship. This entails the three areas: communication, administration and development.

A new silver sponsor for CRS: Swiss Post

We are proud to present Swiss Post as new silver sponsor for the OWASP ModSecurity Core Rule Set. Swiss Post is one of the longest-standing and best-known brands in Switzerland since its establishment in 1849. The company uses many open-source solutions for development and operation and in turn supports the community where possible. Ties between Swiss Post and the CRS project team have traditionally been strong with different core team members having worked for the premier Swiss provider of mail and logistics services.

Meet the CRS team: Felipe, the team player on the other side of the Atlantic

As a South American, Felipe Zipitría has a special status in the CRS core team. The sociable Uruguayan played basketball which taught him all about the value of teamwork. Automation and standardization are key issues for Felipe in the CRS project. “The CRS project offers exciting problems that can make any techie happy”, he says. Our man in South America: Felipe Zipitría enjoys the views of Budpest at the CRS Developer Retreat 2023