The landmark transfer of ModSecurity custodianship to OWASP promises to inject fresh energy and perspectives into this project. OWASP’s vast network of security experts and volunteers can now directly contribute to the project’s core. This powerful WAF is poised to further solidify its position as a cornerstone of web application security, protecting countless websites against the ever-evolving threat landscape.
We, as an industry, can all stand to benefit from this open-source collaboration, empowering developers, and security professionals alike to build and maintain safer applications in the years to come.
We strive to make the OWASP Modsecurity accessible to a wide audience of beginner and experienced users. We are interested in hearing any bug reports, false positive alert reports, evasions, usability issues, and suggestions for new detections.
Create an issue on GitHub to report a false positive or false negative (evasion). Please include your installed version and the relevant portions of your engine audit log. We will try and address your issue and potentially ask for additional information in order to reproduce your problem.
Our project is part of the Open Worldwide Application Security Project (OWASP). This privacy policy will explain how our project uses the personal data we collect from you when you use our website.
Topics:
What data do we collect? How do we collect your data? How will we use your data? How do we store your data? How do we use cookies? Subprocessors Changes to our privacy policy How to contact us How to contact the appropriate authorities What data do we collect?
ModSecurity and NGINX: Tuning the OWASP Core Rule Set Play Video on YouTube
