What's new with the ModSecurity Core Rule Set 4.0 (online)

Hi,

we welcome again Christian Folini, project lead for the OWASP CRS, as our guest. As the title indicates there's a new CRS release coming up. Christian explains online (this time) what that is about.

Presentation language is English probably. It would be great though if you could answer the question in the RSVP accordingly.

# TL:DR;)

Title: "What's new with the ModSecurity Core Rule Set 4.0"
Speaker: Christian Folini
Location: Online, please check the link the day before
Start: 9th of May 2022, 6:30 pm (CEST)
Networking: Stick around afterwards a bit. Grab a soda, beer, a wine or the like.

# Abstract

Building on the basic introduction to the OWASP ModSecurity Core Rule Set (CRS) presentation from April 2021, this talk will present an overview of the upcoming CRS 4.0 release. We will look at new features like the
plugin functionality, new rules and important changes.

The talk will also cover the situation around ModSecurity and the emerging alternative WAF engine Coraza.

# Bio

Christian Folini is a security engineer and open source enthusiast. He
holds a PhD in medieval history and enjoys defending castles across
Europe. Unfortunately, defending medieval castles is not a big
business anymore and so, he turned to defending web applications, which he finds equally challenging. He brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling.
Christian Folini is the author of the second edition of the ModSecurity
Handbook and the best known teacher on the subject. He serves as the program chair of the "Swiss Cyber Storm" conference, the prime security conference in Switzerland. He is a frequent speaker at conferences, where he tries to use his background in the humanities to explain hardcore technical topics to audiences of different backgrounds.

# How to participate

OWASP Hamburg Meetup members who rsvp'd for the event will see the URL at the RHS and can join the video conference directly. I'll update the invite URL ~ a day before. Also you would need a PIN which you find here: 891903

Please make sure when the talk starts your video is off and you are muted.

We are again guest of cyber4edu which provides us with a privacy friendly video conference facility. Thank you!

# Our OWASP "Stammtisch"

Our meeting is about web applications and their (in)security and/or about IT security in general. People come together who care as a hobby or in their job about information security: developers, managers, pentesters and everybody else who's interested. The atmosphere is open and relaxed. Who's coming to sell products or services: Move on, this is not the right place. OWASP is about education and sharing (mostly) technical information.
Feel free to forward our meetup URL to your colleagues or friends. They are welcome, too. Participation is free and open -- as the O in OWASP.

Cheers, Dirk