We are launching the monthly news anew. The idea is to look beyond the pure CRS development again and to bring you additional information that touch on our project. As the editor, I (-> Christian Folini) am planning to release this in the first half of the month. This did not work in July, though, …
This is a brief coverage of the CRS Community Summit during AppSecEU in London last week. Over 25 people followed our call for this first face to face meeting of the CRS developer team (6 of 10 developers with commit rights in the same room!) and the community. We have been very happy to have …
Reporting from the First CRS Community Summit in London Read More »
The very first meetup of the CRS community is only one week away now and it’s time to announce our program. As stated here on the blog before, this is meant as an opportunity to build ties, to get inspiration from the community and to understand what people are doing with CRS. So there are …
CRS Community Summit next week: Call for Posters and the Program is Ready Read More »
A Web Application Firewall (WAF) raises concerns that it does not fit into the DevOps methodology. The problem is that when a WAF is added to production, the impact on the application is tested too late. The application developer gets extremely late feedback and the WAF could break the application. This can lead to production …
The Core Rule Set as Part of DevOps (CI pipeline) Read More »
The organisation of the CRS community summit at the OWASP AppSecEU conference is coming along nicely. Remember, we are going to meet in London on Wednesday, July 4 at 4pm, to talk about CRS, and about the way our users, our integrators and their users work with CRS. The program will include information about CRS …
Registration Open for the CRS Community Summit on July 4 Read More »
The OWASP ModSecurity Core Rule Set project will meet on Wednesday July 4, at 4pm in London to hold it’s first community summit. We scheduled this for the night before the AppSecEU conference in London on Thursday and Friday so people would have a real incentive to make the trip. Truth be told, the three …
Save the Date: CRS Community Summit on July 4, 2018 Read More »
This is the CRS newsletter covering the period from Early February until today. We held our monthly community chat. We had quite a few people stop by. csanders lifeforms franbuehler emphazer dune73 agi squared fzipi_ spartantri Our agenda from before the chat is available here. During the chat we discussed the following: We added support …
So many technologies in one title! Recently I’ve been spending quite a bit of time investigating ModSecurity as a potential replacement Web Application Firewall, and I’ve had some really positive results. The purpose of this post is to share with you how I’ve set this up, so you can do something similar yourself. After all, who wouldn’t …
Creating an OpenWAF solution with Nginx, ElasticSearch and ModSecurity [x-post] Read More »
To help our customers secure their sites and applications — while continuing to give their users reliable online experiences — we’ve built a performant, highly configurable, and comprehensive Web Application Firewall (WAF). In our last post, we shared some of the tech behind our WAF, including how we chose our ruleset and leverage our findings. In …
Site administrators put in a web application firewall (WAF) to block malicious or dangerous web traffic, but at the risk of blocking some valid traffic as well. A false positive is an instance of your WAF blocking a valid request. False positives are the natural enemy of every WAF installation. Each false positive means two …
How to tune your WAF installation to reduce false positives [x-post] Read More »