oss-sec mailing list archives
OWASP Core Rule Set v3.0.0 (final) Released.
From: Chaim Sanders <chaim () chaimsanders com>
Date: Mon, 14 Nov 2016 09:42:23 -0500
Happy Monday fellow Open Source Security aficionados, I am pleased to share with you the release of the OWASP Core Rule Set (CRS) Version 3.0.0 (stable). For those who are unaware, the OWASP CRS is a set of generic rules designed to protect users against threats to web applications. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity <https://modsecurity.org/>. This latest version features many changes that help make CRS a valuable part of a Defense in Depth strategy for protecting you web application. Some of these include: · Improved and More Precise Detection Coverage · Reduced False Positives and the Introduction of Paranoia Levels · Anomaly Scoring Mode by Default · Simplified User Experience · New Remote Code Execution Rules · Improved Layout, Documentation, and Testing With this new release we are seeing on the order of 90-95% fewer false positives in production environments. This is a large improvement that should make CRS more accessible to the masses and we hope you all find it useful as well. We are always looking for feedback, feel free to test and report any issues to us. To download a copy or to submit any issue, please visit our Github <https://github.com/SpiderLabs/owasp-modsecurity-crs> ( https://github.com/SpiderLabs/owasp-modsecurity-crs/releases/tag/v3.0.0). If you are seeking additional information about the release, please check out this accompanying blog post <http://goo.gl/f4uxlq>. The OWASP CRS team is truly excited and pleased with this release, there are even rumors this new rule set is being made into a movie <https://modsecurity.org/crs/poster> Chaim Sanders, on behalf of the Core Rules Set development team. -- -- Chaim Sanders http://www.ChaimSanders.com
Current thread:
- OWASP Core Rule Set v3.0.0 (final) Released. Chaim Sanders (Nov 14)