Mastodawn

📢 Open WAF Day 2026 — Vienna, June 24th! 🇦🇹
A free, full-day event on WAFs, @coreruleset, and open-source security. CFP is open!
🎟️ Register: https://forms.gle/UckehAUPdR8xZVkd8
🎤 Submit a talk: https://forms.gle/PoBKhza7YcRLFdFU6
See you there! 🚀
#OWASP #WAF #AppSec #CRS

OWASP CRS Feb 18

🔥 OWASP CRS is evolving! Introducing #CRSLang — a new YAML-based rule language replacing Seclang. Cleaner syntax, multi-engine support, bidirectional translation, and a lower barrier for new contributors.
Check it out 👉 https://coreruleset.org/20260122/introducing-crslang-the-next-generation-rule-language-for-owasp-crs/
#WAF #AppSec #OWASP #ModSecurity

Introducing CRSLang: The Next Generation Rule Language for OWASP CRS

We’re excited to introduce CRSLang, a new YAML-based rule language that will replace Seclang in the next major release of OWASP CRS. This represents a significant evolution in how we write, maintain, and deploy WAF rules. Why CRSLang? For nearly two decades, the OWASP CRS has relied on ModSecurity’s Seclang syntax. While Seclang has served us well, it comes with significant limitations that have become increasingly apparent as the project has grown:

CRS Project

OWASP CRS Feb 4

📦 CRS v4.23.0 released!
New CVE detection, SSRF improvements, PHP session upload prevention & more.
Thanks to our amazing contributors: @touchweb_vincent, @azurit, @RedXanadu, @EsadCetiner, @Xhoenix & welcome @disisto! 🎉
Upgrade now 👇
https://github.com/coreruleset/coreruleset/releases/tag/v4.23.0

OWASP CRS Feb 3

Excited to share seclang_parser - a new ANTLR-based parser for ModSecurity's SecLang language!
🎯 One unified grammar that generates parsers for Go & Python, enabling static analysis, IDE integration, config management, and rule optimization tools.
This lays the foundation for next-gen @coreruleset tooling.
🔗 https://coreruleset.org/20260122/introducing-seclang_parser-a-unified-antlr-based-parser-for-seclang/
#OWASP #CRS #WAF #AppSec #OpenSource

Introducing seclang_parser: A Unified ANTLR-Based Parser for SecLang

We are excited to introduce the community to a significant development in the CRS ecosystem: the seclang_parser, an ANTLR-based parser for the SecLang configuration language used by ModSecurity and compatible WAF engines. What is seclang_parser? The seclang_parser is a grammar-based parser built using ANTLR 4 (Another Tool for Language Recognition) that provides a unified, language-agnostic approach to parsing ModSecurity’s SecLang configuration files. Rather than maintaining separate parsing implementations across different programming languages, this project consolidates efforts around a single, authoritative grammar specification.

CRS Project

OWASP CRS Nov 25

CRS3→CRS4 migration made easy! 🚀

🧩 New GPL plugin lets you:
• Run CRS4 in monitor mode over CRS3
• Weed out false positives
• Gradually enable blocking or sampling

https://github.com/netnea/netnea-crs-upgrading-plugin
#OWASP #CRS #Security

GitHub - netnea/netnea-crs-upgrading-plugin

Contribute to netnea/netnea-crs-upgrading-plugin development by creating an account on GitHub.

GitHub

OWASP CRS Nov 2

🚀 OWASP CRS v4.20.0 is out!
✨ New: Enhanced file restrictions, PrestaShop/Magento configs, Expect header blocking
🛠️ Multiple fixes reducing JSON false positives + better detection
👉 github.com/coreruleset/coreruleset/releases/tag/v4.20.0
#OWASP #CRS #WebSecurity #AppSec

OWASP CRS Sep 22, 2025

This is the official account for the OWASP CRS Project.