Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <CAE8hE=qj7XjN16XP67ij-1J4L6da=O6=ByYPORJCG27d131Rjg@mail.gmail.com>
Date: Mon, 14 Nov 2016 09:42:23 -0500
From: Chaim Sanders <chaim@...imsanders.com>
To: oss-security@...ts.openwall.com
Subject: OWASP Core Rule Set v3.0.0 (final) Released.

Happy Monday fellow Open Source Security aficionados,

I am pleased to share with you the release of the OWASP Core Rule Set (CRS)
Version 3.0.0 (stable). For those who are unaware, the OWASP CRS is a set
of generic rules designed to protect users against threats to web
applications. The rule set is most often deployed in conjunction with an
existing Web Application Firewall like ModSecurity
<https://modsecurity.org/>.

This latest version features many changes that help make CRS a valuable
part of a Defense in Depth strategy for protecting you web application.
Some of these include:

·  Improved and More Precise Detection Coverage

·  Reduced False Positives and the Introduction of Paranoia Levels

·  Anomaly Scoring Mode by Default

·  Simplified User Experience

·  New Remote Code Execution Rules

·  Improved Layout, Documentation, and Testing

With this new release we are seeing on the order of 90-95% fewer false
positives in production environments. This is a large improvement that
should make CRS more accessible to the masses and we hope you all find it
useful as well. We are always looking for feedback, feel free to test and
report any issues to us.



To download a copy or to submit any issue, please visit our Github
<https://github.com/SpiderLabs/owasp-modsecurity-crs> (
https://github.com/SpiderLabs/owasp-modsecurity-crs/releases/tag/v3.0.0).
If you are seeking additional information about the release, please check
out this accompanying blog post <http://goo.gl/f4uxlq>. The OWASP CRS team
is truly excited and pleased with this release, there are even rumors this
new rule set is being made into a movie <https://modsecurity.org/crs/poster>




Chaim Sanders, on behalf of the Core Rules Set development team.

-- 
-- 
Chaim Sanders
http://www.ChaimSanders.com

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.