Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 14 Nov 2016 09:42:23 -0500
From: Chaim Sanders <chaim@...imsanders.com>
To: oss-security@...ts.openwall.com
Subject: OWASP Core Rule Set v3.0.0 (final) Released.

Happy Monday fellow Open Source Security aficionados,

I am pleased to share with you the release of the OWASP Core Rule Set (CRS)
Version 3.0.0 (stable). For those who are unaware, the OWASP CRS is a set
of generic rules designed to protect users against threats to web
applications. The rule set is most often deployed in conjunction with an
existing Web Application Firewall like ModSecurity
<https://modsecurity.org/>.

This latest version features many changes that help make CRS a valuable
part of a Defense in Depth strategy for protecting you web application.
Some of these include:

·  Improved and More Precise Detection Coverage

·  Reduced False Positives and the Introduction of Paranoia Levels

·  Anomaly Scoring Mode by Default

·  Simplified User Experience

·  New Remote Code Execution Rules

·  Improved Layout, Documentation, and Testing

With this new release we are seeing on the order of 90-95% fewer false
positives in production environments. This is a large improvement that
should make CRS more accessible to the masses and we hope you all find it
useful as well. We are always looking for feedback, feel free to test and
report any issues to us.



To download a copy or to submit any issue, please visit our Github
<https://github.com/SpiderLabs/owasp-modsecurity-crs> (
https://github.com/SpiderLabs/owasp-modsecurity-crs/releases/tag/v3.0.0).
If you are seeking additional information about the release, please check
out this accompanying blog post <http://goo.gl/f4uxlq>. The OWASP CRS team
is truly excited and pleased with this release, there are even rumors this
new rule set is being made into a movie <https://modsecurity.org/crs/poster>




Chaim Sanders, on behalf of the Core Rules Set development team.

-- 
-- 
Chaim Sanders
http://www.ChaimSanders.com

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ