Privacy Policy

Our project is part of the Open Worldwide Application Security Project (OWASP). This privacy policy will explain how our project uses the personal data we collect from you when you use our website.

Topics:
What data do we collect?
How do we collect your data?
How will we use your data?
How do we store your data?
How do we use cookies?
Subprocessors
Changes to our privacy policy
How to contact us
How to contact the appropriate authorities

What data do we collect?


ModSecurity and NGINX: Tuning the OWASP Core Rule Set
BSides Winnipeg 2017: For The Win: Finding WAF Evasions and Verifying Fixes with FTW
AppSec USA 2017: WAFs FTW! A modern devops approach to security testing your WAF
AppSec EU 2017: Introducing the OWASP ModSecurity Core Rule Set 3.0
Nginx.conf 17: Secure your Apps with NGINX and the ModSecurity WAF
Area41 2016: Core Rules Paranoia Mode


The CRS3 poster was designed by Hugo Costa, OWASP’s graphical designer. It can be reused under a CC BY-ND license.


We strive to make the OWASP CRS accessible to a wide audience of beginner and experienced users. We are interested in hearing any bug reports, false positive alert reports, evasions, usability issues, and suggestions for new detections. Create an issue on GitHub to report a false positive or false negative (evasion). Please include your installed version and the relevant portions of your engine audit log. We will try to address your issue and may ask for additional information in order to reproduce your problem.