@ModSecurity profile picture
ModSecurity @ModSecurity

ModSecurity is an Open Source web application firewall developed by Trustwave's SpiderLabs.

Joined April 2009
  • Tweets 1,566
  • Following 18
  • Followers 4,596
10 Photos and videos
"How big is too big" - a new blog post has been published on modsecurity.org - enjoy reading! modsecurity.org/20260222/how…

OWASP Modsecurity Project

Open Source Web Application Firewall

modsecurity.org
2
3
456
ModSecurity retweeted
Core Rule Set@CoreRuleSet
22 Sep 2025
CRS will have its second community call on September 22, from 20:30 to 21:30 CEST (18:30 UTC / 2:30 p.m. ET) and will be moderated by former CRS co-leader Christian Folini. Check more details and register here: luma.com/8yc1p543

CRS Community Call · Luma

A video call where the CRS dev team gets to meet their community face-to-face. A place for information exchange and questions for both newbies and experienced…

luma.com
4
7
2,418
A new version of mod_security2 has been released, please check the blog post: modsecurity.org/20250805/imp…

Improper error handling: CVE-2025-54571 - 2025 August

We would like to share our take on CVE-2025-54571, which was published on August 5, 2025.

modsecurity.org
1
189
A new version of mod_security2 has been released, please check the blog post: modsecurity.org/20250701/dos…

DoS vulnerability: CVE-2025-52891 - 2025 July

We would like to share our take on CVE-2025-52891, which was published on July 1, 2025.

modsecurity.org
2
247
New version of mod_security2 have been released:  github.com/owasp-modsecurity… This versions includes a fix against a recently discovered (another) DoS vulnerability: modsecurity.org/20250602/dos… Please upgrade your module!
2
199
New version has been released: Nginx connector: github.com/owasp-modsecurity… blog post: modsecurity.org/20250521/mod… Please note that the log format has been changed!
2
176
New version have been released: mod_security2:  github.com/owasp-modsecurity… This versions includes a fix against a recently discovered DoS vulnerability: modsecurity.org/20250521/pos… Please upgrade your module!
1
145
Happy to announce OWASP Open WAF Day: owasp2025globalappseceu.sche… Feel free to register yourself! #modsecurity #coreruleset #crs #coraza #waf

OWASP 2025 Global AppSec EU: Open WAF Day | CRS & ModSecurity & Coraz...

View more about this event at OWASP 2025 Global AppSec EU

owasp2025globalappseceu.sched.com
2
511
Please take a look at this issue and share your opinions (on GH): github.com/owasp-modsecurity…

Remove possiblity to disable early-blocking processing · Issue #3362 · owasp-modsecurity/ModSecurity

The compile-time option --disable-request-early in ModSecurity 2.x can lead to incorrect request processing with Core Rule Set (CRS) 4.0 and higher (as highlighted here). Given that CRS 4.0 relies...

github.com
2
263
ModSecurity retweeted
EasyDCIM@EasyDCIM
20 Mar 2025
Running smooth is great, but running secure is essential. #EasyDCIM v1.15.0 now supports #ModSecurity on #Debian-based systems, giving you a critical edge against evolving cybersecurity risks. See how else our platform helps you outpace threats: easydcim.com/blog/easydcim-v… #Firewall
1
1
166
Please update your libmodsecurity3 instances as soon as possible: modsecurity.org/20250225/htm…

HTML Entity Decoding Regression: CVE-2025-27110 - 2025 February

We would like to share our take on CVE-2025-27110, which was published on February 25, 2025.

modsecurity.org
2
5
1,732
It's time to move to PCRE2 as default: modsecurity.org/20250217/use…

Use PCRE2 as default - 2025 February

It’s time to switch to using the PCRE library.

modsecurity.org
2
198
ModSecurity retweeted
Core Rule Set@CoreRuleSet
6 Feb 2025
CRS will have its first community call on March 17, from 20:30 to 21:30 CET (19:30 UTC / 2:30 p.m. ET) and will be moderated by former CRS co-leader Christian Folini. Register here: coreruleset.org/register/com…
3
7
400
CVE-2024-46292 was published related to ModSecurity: cve.mitre.org/cgi-bin/cvenam… Here is the team's resolution: modsecurity.org/20241011/abo… If you have any question you can ask here: github.com/owasp-modsecurity…
2
7
683
ModSecurity retweeted
Core Rule Set@CoreRuleSet
30 Aug 2024
The CRS project has released version 4.6.0 for CRS 4 and version 3.3.6 for CRS 3. The new releases tackle two multipart file upload bypass methods. All users are requested to update to the new releases. Read more and get the new releases: coreruleset.org/20240829/crs…
5
11
523
New versions of ModSecurity have been released, see the blog post: modsecurity.org/20240903/new…
8
11
1,113
modsecurity.org/20240830/mod… After a long period, the modsecurity.org website is available again with renewed content and form.
3
384
Please save the date: we would like to organize a mini-event on June 5, 2024, where we can meet everyone in person and discuss future tasks. The venue is Leuven, Belgium - the exact location has yet to be determined. We will meet around 13:00 and will leave about 18:00.
1
4
724
ModSecurity retweeted
Christian Folini@ChrFolini
4 Apr 2024
This is a bit of a portrait of the #OWASP #WAF projects I am co-leading. Translation should be easy if you do not read German. CC @coreruleset, @ModSecurity
inside-it.ch@inside_it
3 Apr 2024
Seit Anfang Jahr verwaltet @owasp die "Web Application Firewall"-Engine, welche unter anderem das #Evoting-System der @swisspost schützt. Wir haben uns mit dem Verantwortlichen, @ChrFolini, unterhalten. inside-it.ch/open-source-fir…
3
6
1,006
ModSecurity retweeted
MVA@mvajou
22 Mar 2024
Replying to @CoreRuleSet
#CRS is largely underestimated by new OpSec. Thanks for your work ;-)
3
4
512
Load more