Submission + - OWASP ModSecurity Core Rule Set v3.0 released
dune73 writes: The OWASP ModSecurity Core Rule Set v3.0.0 release is now available. The OWASP CRS is a widely used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall (WAF) like ModSecurity. Four years into the making, this release comes with dozens of new features including: reduced false positives (by over 90% in the default setup), improved detection of SQLi, XSS, RCE and PHP injections, the introduction of a Paranoia Mode which allows to assign a certain security level to a site, and better documentation that takes the pain out of ModSecurity. We are so excited about this, we want to make it into movie. In fact, we have already started the project with a poster.
