-
Here is my latest blog describing a new script that can be used to trigger an arbitrary
@CoreRuleSet /#CRS3 anomaly score. Read "Introducing crs-trigger" to learn how I do it, why it's a completely legal probe - and a few ideas what you can do with this. https://buff.ly/2vRWhyb -
Teaching
#CRS3 today: By pure chance, I have one of the few rules with#CAPEC tagging on the screen; door opens and#CISO walks in (big US corp here). Thanks to syntax highlighting, he notes tag immediately and goes : "I see CAPEC, I like this. This is what we need!"#SecurityWin -
I'm having a fun writing a blog post introducing my script http://crs-trigger.py that you can use to trigger an arbitrary
#CRS3 anomaly score. -
Two weeks of conferences and now three days of teaching
#ModSecurity and practical#CRS3 /@coreruleset. Jacksonville, here I come!
-
I'm teaching
#OWASP#infosec for a few days in Jacksonville, FL. Meeting any security minded people is one of the goals. Plz get in touch. Also: invitation to a superbowl party would be fun (and an interesting cultural exp for a guy from switzerland)@CoreRuleSet#crs3 -
Bye, bye California. The last 10 days with
@AppSecCali /#appseccali and then@enigmaconf /@enigma2020 were a blast! Now boarding my plane for Jacksonville, Florida, where I will teach#ModSecurity /@coreruleset next week.#CRS3 -
I'm at
#AppSecCali today and tomorrow. Say hello if you want to talk#ModSecurity,#OWASP@CoreRuleSet,#WAFs,#CVE-2019-19886, or high security setups in general. I'm also presenting on Friday afternoon. And I'm looking for excellent speakers for@swisscyberstorm in Oct.#CRS3 -
In den letzten
#CRS3 News gibt es mehrere Beiträge von unserer@bufrasch, unter anderem zum@acrevis -Projekthttps://twitter.com/CoreRuleSet/status/1216992550457921536 … -
ModSecurity 3.0.4 - a security release - has been published. We're covering this and many announcements with our new edition of the
#CRS3 news: https://coreruleset.org/20200114/crs-project-news-january-2020/ … -
.
@litespeedtech has done a speedtest comparing Apache with NGINX with LiteSpeed without and with#ModSecurity enabled, with@CoreRuleSet and with Comodo rules. Very interesting numbers - and we need to look into this LiteSpeed thing...#CRS3 https://blog.litespeedtech.com/2019/12/02/modsecurity-performance-apache-nginx-litespeed … -
I'm going to LA! My talk about
#ModSecurity /@OWASP@CoreRuleSet in High Security Settings has been accepted for@AppSecCali on Jan 23/24!
#CRS3 https://2020.appseccalifornia.org/ CC@shehackspurple@InfosecVandanapic.twitter.com/pX2Ct408Er
-
Fun times teaching
#ModSecurity /@OWASP@CoreRuleSet in Zurich today. Next course nov 25 / 26 in London. 2 tickets available.#CRS3 pic.twitter.com/y9n8yoPgQx
-
Earlier today,
@garethheyes presented over 70 new#XSS payloads at#GlobalAppSec. We ran them against the latest@OWASP@CoreRuleSet. Of the 73 payloads, we caught 72 in the default installation. Here is the detailed report. https://coreruleset.org/20190926/running-a-few-dozens-of-new-magic-xss-payloads-against-crs-3-2/ … CC@jaywalknet@albinowax#CRS3 -
I got my own epic
@CoreRuleSet#CRS3 poster now! Handed to me by none other than@ChrFolini. Found the perfect spot next to my desk#ModSecurity#owasppic.twitter.com/Kq3UE4E4ir
-
Protecting CMS with ModSecurity Training in Zurich
@SWITCH_ch.@ChrFolini is teaching how to use#CRS3 with#ModSecurity. In the afternoon@SniperSister from@djumla will teach how to use the#SIWECOS hoster information to protect CMS.pic.twitter.com/3iEz3h71SM
-
We are happy to announce the
@OWASP#ModSecurity@CoreRuleSet version 3.1 featuring a complete new group of rules against#Java injection attacks and much more.#CRS3 https://coreruleset.org/20181128/announcement-owasp-modsecurity-core-rule-set-version-3-1-0/ …pic.twitter.com/J7038GQI5h
-
.
@ApproachBE has released a piece of code that fits into#ModSecurity and adds complementary bash protection with the help of a new "t:bash" transformation. This is very interesting, namely for@coreruleset.#CRS3 https://www.approach.be/en/modsecurity.html … -
#ISS 18/04/14#CRS3#Dragon launches on a#Falcon9 v1.1 being captured 2 days later and released on 18/05/14 Payloads:#HDEV the High Definition Earth Viewing system attached to the outside of#Columbus and#OPALS on#ELC1@Axm61@Lunar_Luster@BALLSRocketry#stoptheflopclubpic.twitter.com/ZqEbU0Im34
-
Guest post by pen-tester
@pedantic_hacker on our blog. He explains why people should be using@CoreRuleSet on their sites. https://coreruleset.org/20180913/some-thoughts-on-why-web-application-firewalls-really-make-a-difference/ …#CRS3 -
Here comes an interview that Chris from the
@AppSecPodcast did with me during the@OWASP@AppSecEU conference in July. It's mostly about@CoreRuleSet and web application firewalls in general. Correction to tweet: I'm a project co-lead. It's 3 of us running it.#CRS3 https://twitter.com/AppSecPodcast/status/1026891451920265217 …
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.