@ChrFolini – What’s new in CRS4? – OWASP AppSec EU 2022-06-09
Christian Folini / @ChrFolini
What’s new in CRS4?
An Update from the OWASP CRS project
Plan for Today
⚫ Intro to the OWASP ModSecurity Core Rule Set
⚫ News from planet CRS
⚫ New features of upcoming major release CRS v4
Baseline / 1st Line of Defense
Safety Belts
ModSecurity
Embedded • Rule oriented • Granular Control
CRS3 Default Install
Redir.: 0%
RFI: 0%
LFI: -100%
XSS: -82%
SQLi: -100%
Research based on 4.5M Burp requests.
Paranoia Levels
Paranoia Level 1: Minimal number of false positives
Baseline protection
Paranoia Level 2: More rules, some false positives
Real data in the service
Paranoia Level 3: Specialized rules, more false positives
Online banking level security
Paranoia Level 4: Crazy rules, many false positives
Nuclear power plant level security
Numbers by Tuomo Makkonen
https://blog.fraktal.fi/cloud-waf-comparison-part-2-e6e2d25f558c
Article in Dark Reading:
Transforming SQL Queries Bypasses WAF Security
https://www.darkreading.com/cloud/transforming-sql-queries-bypasses-waf-security
News from Planet CRS
● Trustwave announces EOL for their ModSecurity
● New open source WAF engine: Coraza
● Complete overhaul of CRS documentation
● Launch of CRS Sandbox
● Private Bug Bounty Program
● Dev-on-duty program
Major Changes for CRS v4
● Plugins architecture 🆕
● Early blocking 🆕
● Scoring vars and paranoia levels renaming
● Configurable reporting levels 🆕
● No longer dependent on PCRE, ready for Re2 / Hyperscan
● Quality: all rules have positive and negative tests!
Existing Plugins
● All rule exclusions are now plugins
● Antivirus plugin 🆕
● auto-decoding 🆕
● body decompress 🆕
● fake bot 🆕
● google-oauth2 🆕
Plugins in the making for v4
● GeoIP plugin
● IP reputation
New Rules
● SSRF
● Email protocols (SMTP, POP3, IMAP)
● Log4J / Log4Shell, Spring4Shell
● Common Webshell detection
● Improved the detection across the board for RCE and SQLi and many more
CRS v4 Release Plan
● Originally planned for May / June 2022
● Shot to pieces by private Bug Bounty
● Need to fix literally dozens of findings first
● Expect backports of findings for existing release lines
● New release plan after Summer
CRS GOLD Sponsors
CRS SILVER Sponsors
Questions and Answers, Contact
Contact: @ChrFolini
christian.folini@owasp.org


  • 1. @ChrFolini – What’s new in CRS4? – OWASP AppSec EU 2022-06-09 Christian Folini / @ChrFolini What’s new in CRS4? An Update from the OWASP CRS project
  • 2. Plan for Today ⚫ Intro to the OWASP ModSecurity Core Rule Set ⚫ News from planet CRS ⚫ New features of upcoming major release CRS v4
  • 3. Baseline / 1st Line of Defense Safety Belts
  • 4. ModSecurity Embedded • Rule oriented • Granular Control
  • 5.
  • 7. Paranoia Level 1: Minimal number of false positives Baseline protection Paranoia Level 2: More rules, some false positives Real data in the service Paranoia Level 3: Specialized rules, more false positives Online banking level security Paranoia Level 4: Crazy rules, many false positives Nuclear power plant level security Paranoia Levels
  • 8. Numbers by Tuomo Makkonen https://blog.fraktal.fi/cloud-waf-comparison-part-2-e6e2d25f558c
  • 9. Article in Dark Reading: Transforming SQL Queries Bypasses WAF Security https://www.darkreading.com/cloud/transforming-sql-queries-bypasses-waf-security
  • 10. Trustwave News from Planet CRS ● Trustwave announces EOL for their ModSecurity
  • 11. Trustwave News from Planet CRS ● Trustwave announces EOL for their ModSecurity ● New open source WAF engine: Coraza
  • 12. Trustwave News from Planet CRS ● Trustwave announces EOL for their ModSecurity ● New open source WAF engine: Coraza ● Complete overhaul of CRS documentation
  • 13. Trustwave News from Planet CRS ● Trustwave announces EOL for their ModSecurity ● New open source WAF engine: Coraza ● Complete overhaul of CRS documentation ● Launch of CRS Sandbox
  • 14. Trustwave News from Planet CRS ● Trustwave announces EOL for their ModSecurity ● New open source WAF engine: Coraza ● Complete overhaul of CRS documentation ● Launch of CRS Sandbox ● Private Bug Bounty Program
  • 15. Trustwave News from Planet CRS ● Trustwave announces EOL for their ModSecurity ● New open source WAF engine: Coraza ● Complete overhaul of CRS documentation ● Launch of CRS Sandbox ● Private Bug Bounty Program
  • 16. Trustwave News from Planet CRS ● Trustwave announces EOL for their ModSecurity ● New open source WAF engine: Coraza ● Complete overhaul of CRS documentation ● Launch of CRS Sandbox ● Private Bug Bounty Program ● Dev-on-duty program
  • 17. Major Changes for CRS v4
  • 18. Trustwave Major Changes for CRS v4 ● Plugins architecture 🆕
  • 19. Trustwave Major Changes for CRS v4 ● Plugins architecture 🆕 ● Early blocking 🆕
  • 20. Trustwave Major Changes for CRS v4 ● Plugins architecture 🆕 ● Early blocking 🆕 ● Scoring vars and paranoia levels renaming
  • 21. Trustwave Major Changes for CRS v4 ● Plugins architecture 🆕 ● Early blocking 🆕 ● Scoring vars and paranoia levels renaming ● Configurable reporting levels 🆕
  • 22. Trustwave Major Changes for CRS v4 ● Plugins architecture 🆕 ● Early blocking 🆕 ● Scoring vars and paranoia levels renaming ● Configurable reporting levels 🆕 ● No longer dependent on PCRE, ready for Re2 / Hyperscan
  • 23. Trustwave Major Changes for CRS v4 ● Plugins architecture 🆕 ● Early blocking 🆕 ● Scoring vars and paranoia levels renaming ● Configurable reporting levels 🆕 ● No longer dependent on PCRE, ready for Re2 / Hyperscan ● Quality: all rules have positive and negative tests!
  • 24. Trustwave Existing Plugins ● All rule exclusions are now plugins ● Antivirus plugin 🆕 ● auto-decoding 🆕 ● body decompress 🆕 ● fake bot 🆕 ● google-oauth2 🆕
  • 25. Trustwave Plugins in the making for v4 ● GeoIP plugin ● IP reputation
  • 26. New Rules
  • 27. Trustwave New Rules ● SSRF
  • 28. Trustwave New Rules ● SSRF ● Email protocols (SMTP, POP3, IMAP)
  • 29. Trustwave New Rules ● SSRF ● Email protocols (SMTP, POP3, IMAP) ● Log4J / Log4Shell, Spring4Shell
  • 30. Trustwave New Rules ● SSRF ● Email protocols (SMTP, POP3, IMAP) ● Log4J / Log4Shell, Spring4Shell ● Common Webshell detection
  • 31. Trustwave New Rules ● SSRF ● Email protocols (SMTP, POP3, IMAP) ● Log4J / Log4Shell, Spring4Shell ● Common Webshell detection ● Improved the detection across the board for RCE and SQLi and many more
  • 32. CRS v4 Release Plan
  • 33. Trustwave CRS v4 Release Plan ● Originally planned for May / June 2022
  • 34. Trustwave CRS v4 Release Plan ● Originally planned for May / June 2022 ● Shot to pieces by private Bug Bounty
  • 35. Trustwave CRS v4 Release Plan ● Originally planned for May / June 2022 ● Shot to pieces by private Bug Bounty ● Need to fix literally dozens of findings first
  • 36. Trustwave CRS v4 Release Plan ● Originally planned for May / June 2022 ● Shot to pieces by private Bug Bounty ● Need to fix literally dozens of findings first ● Expect backports of findings for existing release lines
  • 37. Trustwave CRS v4 Release Plan ● Originally planned for May / June 2022 ● Shot to pieces by private Bug Bounty ● Need to fix literally dozens of findings first ● Expect backports of findings for existing release lines ● New release plan after Summer
  • 38. Trustwave CRS GOLD Sponsors CRS SILVER Sponsors
  • 39. Questions and Answers, Contact Contact: @ChrFolini christian.folini@owasp.org