OWASP ModSecurity has long served as a foundational engine for web application firewalls, quietly defending thousands of applications in production environments worldwide.
This talk offers a technical and practical overview of where ModSecurity stands today. We'll cover the major updates and architectural improvements introduced over the past two years, including performance optimizations, expanded language bindings, improved logging and debugging tools, and better containerization support.
We’ll also address the community’s role in ModSecurity's ongoing maintenance and what the current roadmap looks like for key integrations and use cases—from NGINX and Apache to reverse proxies and API gateways.
Whether you're a seasoned user, a contributor, or just exploring WAFs for the first time, this session will help you better understand ModSecurity’s role in the modern security stack—and how to leverage its most recent improvements to meet the demands of today’s web.
What You’ll Learn:
- A recap of ModSecurity’s core capabilities and architecture
- Key improvements made since 2023, including performance and compatibility upgrades
- New tooling and deployment patterns
- Current challenges and open areas for contribution
- How ModSecurity is being used today