Thursday
Room 6 - OWASP
15:00 - 16:00
(UTC+01)
Talk (60 min)
It is rough without a WAF
Around 75% of the CVEs being disclosed in 2025 were related to vulnerabilities like XSS, SQL injection, CSRF or File Inclusion and while the path forward usually involves patching the vulnerable libraries, a WAF still plays a key role in mitigating the vulnerability within existing SLAs while the root cause solution is tackled.
In this talk we’ll review how the Web Application Firewall can be part of a robust cybersecurity strategy to protect our applications and be involved in triage, remediation and audit phase. We’ll also then meet OWASP Coraza, a modern WAF library that embraces OWASP CoreRuleSet, and how together they protect web applications from a wide range of attacks.
José Carlos Chávez
José Carlos Chávez is a Security Software Engineer at Okta, an OWASP Coraza co-leader and a Mathematics student at the University of Barcelona. He enjoys working in Security, compiling to WASM, designing APIs and building distributed systems. While not working with code, you can find him sipping on kombuchas or enjoying his children.