As the cornerstone of open-source Web Application Firewalls, OWASP ModSecurity has protected the web for decades. However, maintaining its relevance in today’s evolving threat landscape requires more than just incremental updates—it requires a fundamental modernization. This presentation dives deep into the recent engineering efforts aimed at transforming the ModSecurity codebase into a leaner, more robust, and future-proof security engine.
Key highlights include:
* Code Quality & Refactoring: How we addressed technical debt and implemented stricter development standards.
* New Features: A look at the latest functionalities designed to counter sophisticated web attacks.
* Dependency Management: The rationale behind removing abandoned libraries and the technical challenges involved.
* The Path to a New Version: Why a major version update became necessary and what it means for the community.
* Beyond the Code: A brief look at the supporting ecosystem, including the complete renewal of the official website and documentation.
Attendees will gain a clear understanding of the architectural decisions shaping the next era of ModSecurity and what to expect from the upcoming releases.
I'm 54, a system and software engineer. ModSecurity contributor since 2017, Coreruleset developer since 2019, OWASP member since 2021 and project co-leader since 2024.