[OWASP-Delhi] Fwd: [Owasp-leaders] OWASP Core Rule Set v3.0.0 (final) Released

Sandeep Singh sandeep.singh at owasp.org
Mon Nov 14 13:14:17 UTC 2016


FYI.

thanks
Sandeep

---------- Forwarded message ----------
From: Chaim Sanders <chaim.sanders at owasp.org>
Date: Mon, Nov 14, 2016 at 6:34 PM
Subject: [Owasp-leaders] OWASP Core Rule Set v3.0.0 (final) Released
To: owasp-leaders at lists.owasp.org


Greetings fellow OWASP members,
It is with great excitement that I am able to share the culmination of a
project the Core Rule Set team has been developing for quite some time -
OWASP Core Rule Set (CRS) Version 3.0.0 (stable). For those who are
unaware, the OWASP CRS is a set of generic rules designed to protect users
against threats like the OWASP Top 10
<https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project>. The rule
set is most often deployed in conjunction with an existing Web Application
Firewall like ModSecurity <https://modsecurity.org/>.
This latest version features many changes that help make CRS a valuable
part of a Defense in Depth strategy for protecting you web application.
Some these include:

   - Improved and More Precise Detection Coverage
   - Reduced False Positives and the Introduction of Paranoia Levels
   - Anomaly Scoring Mode by Default
   - Simplified User Experience
   - New Remote Code Execution Rules
   - Improved Layout, Documentation, and Testing

With this new release we are seeing on the order of 90-95% fewer false
positives in production environments. This is a large step that should make
CRS more accessible to the masses and we hope you all find it useful as
well.

To download a copy or to submit any issue, please visit our Github
<https://github.com/SpiderLabs/owasp-modsecurity-crs> (https://github.
com/SpiderLabs/owasp-modsecurity-crs/releases/tag/v3.0.0). If you are
seeking additional information about the release, please check out this
accompanying blog post <http://goo.gl/f4uxlq>. The OWASP CRS team is truly
excited and pleased with this release, there are even rumors this new rule
set is being made into a movie <https://modsecurity.org/crs/poster>

Sincerely Chaim Sanders, on behalf of the Core Rules Set development team.

-- 
-- 
Chaim Sanders
http://www.ChaimSanders.com <http://www.chaimsanders.com/>

_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders at lists.owasp.org
https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20161114/2c209d1d/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CRS3-movie-poster-small.jpg
Type: image/jpeg
Size: 445710 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-delhi/attachments/20161114/2c209d1d/attachment-0001.jpg>


More information about the OWASP-Delhi mailing list