It has been a while since we have seen big development in the OWASP ModSecurity Core Rules. This is due to the fact, that the development took place in a separate branch named 3.0.0-dev which adopts many of the newer features and operators included in ModSecurity since 2.7; notably @detectSQLi and @detectXSS. When you take […]
This is a blog post about the OWASP ModSecurity Core Rules. The rule 981173 was recently updated in the 2.9 core rule branch to reduce the uuid induced false positives for the rule. Uuids are indeed a major source of false positives on this rule, also in installations I know. The said update pulled in […]
November 2, 2015, saw this years edition of the conference Cyber-Risks Switzerland organised by MELANI. While the last year’s edition presented a lot of interesting and promising ideas, this year brought concepts in draft stage, first reports from the frontline, lessons learnt at law enforcement and a batch of reports in finalised state. It’s all […]
The minutes of the first ModSecurity Developer Community Meeting have been posted online at https://www.modsecurity.org/developers/meetings/modsecurity.2015-10-14-19.06.html. A tiny patch fixing the ModSecurity / Apache logformat has been accepted into the next ModSecurity release 2.9.1. So we are technically part of the developer community, but our participation goes far deeper than the coding. See the transcript. […]
