Uncategorized

OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 1 available

The OWASP ModSecurity Core Rule Set team is proud to announce the release candidate 1 for the upcoming CRS v3.3.0 release. The release candidate is available at: https://github.com/coreruleset/coreruleset/archive/v3.3.0-rc1.tar.gz https://github.com/coreruleset/coreruleset/archive/v3.3.0-rc1.zip This release packages many changes, such as: New rule to detect LDAP injection New HTTP Splitting rule Block backup files ending with ~ in filename Detect …

OWASP ModSecurity Core Rule Set v3.3.0 Release Candidate 1 available Read More »

Core Rule Set Docker Image

The Core Rule Set is installed in just four steps, as described in the Installation Guide. Now, it’s even easier using the CRS Docker container. The effort to start the CRS in front of an application is reduced to a few seconds and only one command. Franziska Bühler, one of the CRS developers, enhanced the …

Core Rule Set Docker Image Read More »

Announcement: OWASP ModSecurity Core Rule Set Version 3.1.0

The OWASP Core Rule Set team is happy to announce the CRS release v3.1.0 at last. A wee bit over 2 years in the making, this major release represents a big step forward in terms of capabilities, usability and protection. Key features include: * A new set of rules defending against Java injections * Initial …

Announcement: OWASP ModSecurity Core Rule Set Version 3.1.0 Read More »

Some Thoughts on why Web Application Firewalls Really Make a Difference

This is a guest piece by Jamie Riden  / @pedantic_hacker. Jamie has been doing penetration tests, secure development training and security code review since 2010 – and other kinds of computer-wrangling for much, much longer. Having been a systems engineer, a coder and now a pen-tester, I’d like to take a brief moment of your …

Some Thoughts on why Web Application Firewalls Really Make a Difference Read More »