Pages

Privacy Policy

Our project is part of the Open Worldwide Application Security Project (OWASP). This privacy policy will explain how our project uses the personal data we collect from you when you use our website.

Topics:

• What data do we collect?
• How do we collect your data?
• How will we use your data?
• How do we store your data?
• How do we use cookies?
• Subprocessors
• Changes to our privacy policy
• How to contact us
• How to contact the appropriate authorities

What data do we collect?

Our project collects the following data:

Videos

ModSecurity and NGINX: Tuning the OWASP Core Rule Set

BSides Winnipeg 2017: For The Win: Finding WAF Evasions and Verifying Fixes with FTW

AppSec USA 2017: WAFs FTW! A modern devops approach to security testing your WAF

AppSec EU 2017: Introducing the OWASP ModSecurity Core Rule Set 3.0

Nginx.conf 17: Secure your Apps with NGINX and the ModSecurity WAF

Area41 2016: Core Rules Paranoia Mode

Poster

The CRS3 poster was designed by Hugo Costa, OWASP’s graphical designer. It can be reused under a CC BY-ND license.

Support

We strive to make the OWASP CRS accessible to a wide audience of beginner and experienced users. We are interested in hearing any bug reports, false positive alert reports, evasions, usability issues, and suggestions for new detections.

Create an issue on GitHub to report a false positive or false negative (evasion). Please include your installed version and the relevant portions of your engine audit log. We will try and address your issue and potentially ask for additional information in order to reproduce your problem. Please also note that stale issues will be flagged and closed after 120 days. You can search for stale issues with the following search query.