A security problem with the OWASP ModSecurity Core Rule Set has been brought to our attention recently. The CRS team is now working on a fix that will be released on Wednesday as 3.1.2, 3.2.1 and 3.3.2. We will make sure to keep the changeset of these bugfix releases minimal in order to allow fast …
The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 1 for the upcoming CRS v3.3.1 release. The release candidate is available at: https://github.com/coreruleset/coreruleset/archive/v3.3.1-rc1.tar.gz https://github.com/coreruleset/coreruleset/archive/v3.3.1-rc1.zip This is a maintenance release, containing the following changes: Run rules as early as possible, by decreasing phase:2 to phase:1 and phase:4 to phase:3 where the …
OWASP ModSecurity Core Rule Set v3.3.1 Release Candidate 1 available Read More »
The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 1 for the upcoming CRS v3.3.0 release. The release candidate is available at: https://github.com/coreruleset/coreruleset/archive/v3.3.0-rc1.tar.gz https://github.com/coreruleset/coreruleset/archive/v3.3.0-rc1.zip This release packages many changes, such as: New rule to detect LDAP injection New HTTP Splitting rule Block backup files ending with ~ in filename Detect …
OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 1 available Read More »
We are back with the CRS project news. The news are running very, very late in the month as I've been held up with other projects. What has happened in recent weeks Miyuru Sankalpa has started to publish a transformed GeoIP database in the legacy format readable by ModSecurity 2.x under a creative commons. This …
The Core Rule Set is installed in just four steps, as described in the Installation Guide. Now, it's even easier using the CRS Docker container. The effort to start the CRS in front of an application is reduced to a few seconds and only one command. Franziska Bühler, one of the CRS developers, enhanced the …
The OWASP Core Rule Set team is happy to announce the CRS release v3.1.0 at last. A wee bit over 2 years in the making, this major release represents a big step forward in terms of capabilities, usability and protection. Key features include: * A new set of rules defending against Java injections * Initial …
Announcement: OWASP ModSecurity Core Rule Set Version 3.1.0 Read More »
This is a guest piece by Jamie Riden / @pedantic_hacker. Jamie has been doing penetration tests, secure development training and security code review since 2010 - and other kinds of computer-wrangling for much, much longer. Having been a systems engineer, a coder and now a pen-tester, I'd like to take a brief moment of your …
Some Thoughts on why Web Application Firewalls Really Make a Difference Read More »