[Owasp-leaders] OWASP Core Rule Set v3.0.0 (final) Released

Andrew van der Stock vanderaj at owasp.org
Mon Nov 14 14:09:09 UTC 2016

Great job to all those involved! :)


On Tue, Nov 15, 2016 at 12:06 AM Chaim Sanders <chaim.sanders at owasp.org>

> Greetings fellow OWASP members,
> It is with great excitement that I am able to share the culmination of a
> project the Core Rule Set team has been developing for quite some time -
> OWASP Core Rule Set (CRS) Version 3.0.0 (stable). For those who are
> unaware, the OWASP CRS is a set of generic rules designed to protect
> users against threats like the OWASP Top 10
> <https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project>. The
> rule set is most often deployed in conjunction with an existing Web
> Application Firewall like ModSecurity <https://modsecurity.org/>.
> This latest version features many changes that help make CRS a valuable
> part of a Defense in Depth strategy for protecting you web application.
> Some these include:
>    - Improved and More Precise Detection Coverage
>    - Reduced False Positives and the Introduction of Paranoia Levels
>    - Anomaly Scoring Mode by Default
>    - Simplified User Experience
>    - New Remote Code Execution Rules
>    - Improved Layout, Documentation, and Testing
> With this new release we are seeing on the order of 90-95% fewer false
> positives in production environments. This is a large step that should make
> CRS more accessible to the masses and we hope you all find it useful as
> well.
> To download a copy or to submit any issue, please visit our Github
> <https://github.com/SpiderLabs/owasp-modsecurity-crs> (
> https://github.com/SpiderLabs/owasp-modsecurity-crs/releases/tag/v3.0.0).
> If you are seeking additional information about the release, please check
> out this accompanying blog post <http://goo.gl/f4uxlq>. The OWASP CRS
> team is truly excited and pleased with this release, there are even
> rumors this new rule set is being made into a movie
> <https://modsecurity.org/crs/poster>
> Sincerely Chaim Sanders, on behalf of the Core Rules Set development team.
> --
> --
> Chaim Sanders
> http://www.ChaimSanders.com <http://www.chaimsanders.com/>
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20161114/3d960e81/attachment.html>

More information about the OWASP-Leaders mailing list