Blog

Core Rule Set Project Won a German OSBAR Award!

The OWASP ModSecurity Core Rule Set Project is very excited about winning one of the OSBAR awards of the German Open Source Business Alliance. The prize is awarded to projects, start-ups and outstanding ideas from the open source environment. The increased attention should make it easier for the award winners to attract users, developers and …

Core Rule Set Project Won a German OSBAR Award! Read More »

New ModSecurity / CRS Courses Announced

Feisty Duck announced two new ModSecurity / Core Rule Set courses: - Zurich, February 19/20, 2018 - Frankfurt, March 5/6, 2018 Additional trainings in Spring are likely to happen in Geneva and Amsterdam (on popular request). Additionally, teacher Christian Folini, will also be holding a ModSecurity on NGINX Webinar with O'Reilly on January 9. The …

New ModSecurity / CRS Courses Announced Read More »

Disassembling SQLi Rules

Introduction I would like to explain my work disassembling highly optimized regular expressions. A project like this might discourage many people, but to me, it is very exciting work! I like this kind of investigative work and want to explain what, exactly, I did, why I did it and how! What's the problem? The SQLi …

Disassembling SQLi Rules Read More »

CRS Project News November

This is the CRS newsletter covering the period from Early October until today. We held our monthly community chat. We had quite a few people stop by. Special thanks to our active participants: dune73 fzipi csanders franbuehler emphazer spartantri luketheduke techair jose_ airween athmane bostrt During the chat we discussed the following Promotion of 3 …

CRS Project News November Read More »

CRS Project News October 2017

This is the CRS newsletter covering the period from Early September until today. We held our monthly community chat. We had quite a few people stop by. Special thanks to our active participants: dune73 fzipi csanders franbuehler lifeforms emphazer fgs squared spartantri ossie buddyleer During the chat we discussed the following We will be moving …

CRS Project News October 2017 Read More »

OptionsBleed Defenses

This week we saw the release of another named vulnerability (-_-). This time it was entitled: Optionsbleed. While the name provided is meant in reference to Heartbleed, this vulnerability isn't nearly as far reaching. The vulnerability only affected Apache hosts with a very particular configuration and as a result only 0.0466% of the Alexa top …

OptionsBleed Defenses Read More »