Blog

CRS Project News May 2019

We are back with the CRS project news. There was not too much to talk about in recent weeks, but now there is real content. So here we go. What has happened in recent weeks: Security researcher Somdev Sangwan has looked into Regular Expression Denial of Service attacks. It is a more or less well …


Regular Expression DoS weaknesses in CRS

Somdev Sangwan has discovered several Regular Expression Denial of Service (ReDoS) weaknesses in the rules provided by the CRS project. They are listed under the following CVEs: CVE-2019-11387, CVE-2019-11388, CVE-2019-11389, CVE-2019-11390, CVE-2019-11391. The fact that CRS is affected by ReDoS is not particularly surprising and truth be told, we knew that was the case. We …


Core Rule Set Docker Image

The Core Rule Set is installed in just four steps, as described in the Installation Guide. Now, it’s even easier using the CRS Docker container. The effort to start the CRS in front of an application is reduced to a few seconds and only one command. Franziska Bühler, one of the CRS developers, enhanced the …


Join us on the OWASP Slack!

Are you interested in hanging out with the CRS developers? Giving your input on CRS development issues? Chatting about the wonderful world of WAFs? Then this is your chance! At OWASP AppSecEU 2018, we started the #coreruleset channel in the OWASP Slack. This has turned out to be a good place for exchanging ideas …


AppSec Podcast Interviewing CRS Project Co-Lead Christian Folini

Chris Romeo from the AppSec Podcast interviewed our own Christian Folini during the AppSecEU conference in July. The 25-minute interview was published recently. It discusses the project itself, the upcoming 3.1 release, plans to expand beyond ModSecurity, and how CRS fits into agile development. Here is the link to the interview: …
