@ChrFolini – What’s new in CRS4? – OWASP AppSec EU 2022-06-09
Christian Folini / @ChrFolini
What’s new in CRS4?
An Update from the
OWASP CRS project
Plan for Today
⚫ Intro to the OWASP ModSecurity Core Rule Set
⚫ News from planet CRS
⚫ New features of upcoming major release CRS v4
Baseline / 1st Line of Defense / Safety Belts
ModSecurity: Embedded • Rule oriented • Granular Control
[Figure: comparison of a plain ModSecurity install against a CRS3 default install across the attack categories Redir., RFI, LFI, XSS and SQLi; figures shown on the slide: 0%, 0%, -100%, -82%, -100%]
Research based on 4.5M Burp requests.
Paranoia Levels
● Paranoia Level 1: Minimal number of false positives. Baseline protection.
● Paranoia Level 2: More rules, some false positives. Real data in the service.
● Paranoia Level 3: Specialized rules, more false positives. Online banking level security.
● Paranoia Level 4: Crazy rules, many false positives. Nuclear power plant level security.
Numbers by Tuomo Makkonen
https://blog.fraktal.fi/cloud-waf-comparison-part-2-e6e2d25f558c
Article in Dark Reading:
Transforming SQL Queries Bypasses WAF Security
https://www.darkreading.com/cloud/transforming-sql-queries-bypasses-waf-security
Trustwave
News from Planet CRS
● Trustwave announces EOL for their ModSecurity
● New open source WAF engine: Coraza
● Complete overhaul of CRS documentation
● Launch of CRS Sandbox
● Private Bug Bounty Program
● Dev-on-duty program
Major Changes for CRS v4
● Plugins architecture 🆕
● Early blocking 🆕
● Scoring vars and paranoia levels renaming
● Configurable reporting levels 🆕
● No longer dependent on PCRE, ready for Re2 / Hyperscan
● Quality: all rules have positive and negative tests!
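To make the paranoia level slide and the early blocking item concrete, here is an added example in Python that is not code from the CRS project or from these slides. It models the mechanism only: each rule carries a paranoia level and runs only when the configured level is at least that high, a match adds its severity score to a request-wide anomaly score, and the score is compared with a threshold at the end of phase 2 (request body) or, with early blocking, already at the end of phase 1 (request line and headers). The rule ids, patterns, sample requests and the `evaluate` function are all constructed for illustration; only the severity-to-score mapping follows the CRS defaults.

```python
"""Toy model of CRS-style anomaly scoring with paranoia levels and early
blocking.  Added example, NOT code from the CRS project or the slides.
Rule ids, patterns and sample requests are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Anomaly score points per severity (the CRS defaults).
SEVERITY_SCORE = {"CRITICAL": 5, "ERROR": 4, "WARNING": 3, "NOTICE": 2}


@dataclass(frozen=True)
class Rule:
    rule_id: int          # constructed id, not a real CRS rule id
    phase: int            # 1 = request line + headers, 2 = request body
    paranoia_level: int   # rule is active only if configured PL >= this
    severity: str
    pattern: str          # regex applied to the phase input
    description: str


@dataclass
class Request:
    request_line: str
    headers: Dict[str, str]
    body: str


@dataclass
class Verdict:
    blocked: bool = False
    blocked_in_phase: Optional[int] = None
    score: int = 0
    matched: List[int] = field(default_factory=list)


# Constructed rule set: two PL1 rules that fire on clear attack markers and
# two higher-PL rules that are more sensitive but also prone to false
# positives on ordinary text (the trade-off the paranoia levels express).
RULES = [
    Rule(1001, 1, 1, "CRITICAL", r"\.\./", "directory traversal sequence in request line/headers"),
    Rule(1002, 2, 1, "CRITICAL", r"<script\b", "script tag in request body"),
    Rule(2001, 2, 2, "WARNING", r"'", "single quote in request body"),
    Rule(3001, 2, 3, "WARNING", r"\b(select|union|insert)\b", "bare SQL keyword in request body"),
]


def phase_input(request: Request, phase: int) -> str:
    """Return the text that rules of the given phase inspect."""
    if phase == 1:
        header_lines = [f"{k}: {v}" for k, v in request.headers.items()]
        return "\n".join([request.request_line, *header_lines])
    return request.body


def evaluate(request: Request, paranoia_level: int, threshold: int = 5,
             early_blocking: bool = False) -> Verdict:
    """Run the active rules phase by phase and decide whether to block."""
    verdict = Verdict()
    for phase in (1, 2):
        text = phase_input(request, phase)
        for rule in RULES:
            if rule.phase != phase or rule.paranoia_level > paranoia_level:
                continue  # wrong phase, or rule sits above the configured PL
            if re.search(rule.pattern, text, re.IGNORECASE):
                verdict.score += SEVERITY_SCORE[rule.severity]
                verdict.matched.append(rule.rule_id)
        # Blocking decision: always at the end of phase 2; with early
        # blocking also at the end of phase 1, so a request whose headers
        # alone exceed the threshold is rejected before its body is read.
        if verdict.score >= threshold and (phase == 2 or early_blocking):
            verdict.blocked = True
            verdict.blocked_in_phase = phase
            break
    return verdict


# Constructed sample requests: one harmless comment whose text happens to
# contain a quote and an SQL keyword, and one obvious traversal attempt.
BENIGN = Request(
    "POST /comment HTTP/1.1",
    {"Host": "shop.example", "User-Agent": "Mozilla/5.0"},
    "text=I'd select the red one",
)
TRAVERSAL = Request(
    "GET /download?file=../../etc/passwd HTTP/1.1",
    {"Host": "shop.example", "User-Agent": "Mozilla/5.0"},
    "",
)

if __name__ == "__main__":
    for pl in (1, 2, 3):
        print(f"PL{pl} benign:", evaluate(BENIGN, pl))
    print("PL1 traversal:", evaluate(TRAVERSAL, 1))
    print("PL1 traversal, early blocking:", evaluate(TRAVERSAL, 1, early_blocking=True))
```

Running the script shows the two effects the slides name: the benign comment passes at PL1 and PL2 but is blocked at PL3 (a false positive, because two sensitive rules together reach the threshold), and the traversal request is blocked at the end of phase 2 by default but at the end of phase 1 once `early_blocking` is on. The `paranoia_level` and `threshold` arguments play the roles of the configured paranoia level and the inbound anomaly score threshold, which real CRS keeps in transaction variables (the ones the renaming item above refers to).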
Existing Plugins
● All rule exclusions are now plugins
● Antivirus plugin 🆕
● auto-decoding 🆕
● body decompress 🆕
● fake bot 🆕
● google-oauth2 🆕
Plugins in the making for v4
● GeoIP plugin
● IP reputation
New Rules
● SSRF
● Email protocols (SMTP, POP3, IMAP)
● Log4J / Log4Shell, Spring4Shell
● Common Webshell detection
● Improved the detection across the board for
RCE and SQLi and many more
CRS v4 Release Plan
● Originally planned for May / June 2022
● Shot to pieces by private Bug Bounty
● Need to fix literally dozens of findings first
● Expect backports of findings for existing release lines
● New release plan after Summer
CRS GOLD Sponsors
CRS SILVER Sponsors
Questions and Answers, Contact
Contact: @ChrFolini
christian.folini@owasp.org

Networking in the Penumbra presented by Geoff Huston at NZNOG
 

What’s new in CRS4? An Update from the OWASP CRS project

  • 1. @ChrFolini – What’s new in CRS4? – OWASP AppSec EU 2022-06-09
    Christian Folini / @ChrFolini
    What’s new in CRS4? An Update from the OWASP CRS project
  • 2. Plan for Today
    ⚫ Intro to the OWASP ModSecurity Core Rule Set
    ⚫ News from planet CRS
    ⚫ New features of upcoming major release CRS v4
  • 3. Baseline / 1st Line of Defense: Safety Belts
  • 4. ModSecurity: Embedded • Rule oriented • Granular Control
  • 7. Paranoia Levels
    Paranoia Level 1: Minimal number of false positives (baseline protection)
    Paranoia Level 2: More rules, some false positives (real data in the service)
    Paranoia Level 3: Specialized rules, more false positives (online banking level security)
    Paranoia Level 4: Crazy rules, many false positives (nuclear power plant level security)
  • 8. Numbers by Tuomo Makkonen: https://blog.fraktal.fi/cloud-waf-comparison-part-2-e6e2d25f558c
  • 9. Article in Dark Reading: Transforming SQL Queries Bypasses WAF Security https://www.darkreading.com/cloud/transforming-sql-queries-bypasses-waf-security
  • 10–16. News from Planet CRS
    ● Trustwave announces EOL for their ModSecurity
    ● New open source WAF engine: Coraza
    ● Complete overhaul of CRS documentation
    ● Launch of CRS Sandbox
    ● Private Bug Bounty Program
    ● Dev-on-duty program
  • 17–23. Major Changes for CRS v4
    ● Plugins architecture 🆕
    ● Early blocking 🆕
    ● Scoring vars and paranoia levels renaming
    ● Configurable reporting levels 🆕
    ● No longer dependent on PCRE, ready for Re2 / Hyperscan
    ● Quality: all rules have positive and negative tests!
  • 24. Existing Plugins
    ● All rule exclusions are now plugins
    ● Antivirus plugin 🆕
    ● auto-decoding 🆕
    ● body decompress 🆕
    ● fake bot 🆕
    ● google-oauth2 🆕
  • 25. Plugins in the making for v4
    ● GeoIP plugin
    ● IP reputation
  • 26–31. New Rules
    ● SSRF
    ● Email protocols (SMTP, POP3, IMAP)
    ● Log4J / Log4Shell, Spring4Shell
    ● Common Webshell detection
    ● Improved detection across the board for RCE, SQLi and many more
  • 32–37. CRS v4 Release Plan
    ● Originally planned for May / June 2022
    ● Shot to pieces by private Bug Bounty
    ● Need to fix literally dozens of findings first
    ● Expect backports of findings for existing release lines
    ● New release plan after Summer
  • 38. CRS GOLD Sponsors, CRS SILVER Sponsors
  • 39. Questions and Answers, Contact: @ChrFolini christian.folini@owasp.org