[Owasp-leaders] OWASP Core Rule Set v3.0.0 (final) Released

Chaim Sanders chaim.sanders at owasp.org
Mon Nov 14 13:04:05 UTC 2016

Greetings fellow OWASP members,
It is with great excitement that I am able to share the culmination of a
project the Core Rule Set team has been developing for quite some time -
OWASP Core Rule Set (CRS) Version 3.0.0 (stable). For those who are
unaware, the OWASP CRS is a set of generic rules designed to protect users
against threats like the OWASP Top 10
<https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project>. The rule
set is most often deployed in conjunction with an existing Web Application
Firewall like ModSecurity <https://modsecurity.org/>.
This latest version features many changes that help make CRS a valuable
part of a Defense in Depth strategy for protecting you web application.
Some these include:

   - Improved and More Precise Detection Coverage
   - Reduced False Positives and the Introduction of Paranoia Levels
   - Anomaly Scoring Mode by Default
   - Simplified User Experience
   - New Remote Code Execution Rules
   - Improved Layout, Documentation, and Testing

With this new release we are seeing on the order of 90-95% fewer false
positives in production environments. This is a large step that should make
CRS more accessible to the masses and we hope you all find it useful as

To download a copy or to submit any issue, please visit our Github
<https://github.com/SpiderLabs/owasp-modsecurity-crs> (
If you are seeking additional information about the release, please check
out this accompanying blog post <http://goo.gl/f4uxlq>. The OWASP CRS team
is truly excited and pleased with this release, there are even rumors this
new rule set is being made into a movie <https://modsecurity.org/crs/poster>

Sincerely Chaim Sanders, on behalf of the Core Rules Set development team.

Chaim Sanders
http://www.ChaimSanders.com <http://www.chaimsanders.com/>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161114/9eaf6a21/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CRS3-movie-poster-small.jpg
Type: image/jpeg
Size: 445710 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161114/9eaf6a21/attachment-0001.jpg>

More information about the OWASP-Leaders mailing list