OWASP Core Ruleset (2013)

When will cloudflare update OWASP Core Ruleset? I think there is a newer version of these rules?

1 Like

These are 2017 New rules - https://www.owasp.org/index.php/Top_10-2017_Top_10

PDF Version - https://www.owasp.org/images/7/72/OWASP_Top_10-2017_(en).pdf.pdf

Hi @user3011,

I’m interested in that, too.

Searching for OWASP 2017 in the Cloudflare channels, this was the only mention I found:


At Cloudflare, we use three key indicators to understand the severity of a vulnerability 1) how many customers on Cloudflare are running the affected software 2) the Common Vulnerability Scoring System (CVSS) score, and 3) the OWASP Top 10, an open-source security framework.

We assess this vulnerability to be very significant as it has a CVSS score of 9.8/10 and affects 7 out of the 10 key risk areas of the OWASP 2017 Top 10.


Cloudflare’s protection against a new Remote Code Execution vulnerability (CVE-2019-16759) in vBulletin

I asked them via ticket about 1 year ago and support executive at that time told me that they have implemented it months ago. But now they are showing itself that they are using 2013 version. Its about two year for new ruleset and they are still using old rulesets.

This topic was automatically closed after 30 days. New replies are no longer allowed.