In an era dominated by AI-powered security tools and cloud-native architectures, are traditional Web Application Firewalls still relevant? Join us as we speak with Felipe Zipitria, co-leader of the OWASP Core Rule Set (CRS) project and a veteran security expert with over two decades of experience. Felipe has been at the forefront of open-source security, leading the development of one of the world's most widely deployed WAF rule sets, trusted by organizations globally to protect their web applications.
In this conversation, Felipe challenges common assumptions about "legacy" security technologies and explains why WAFs remain a critical layer in modern defense-in-depth strategies. We'll explore what makes OWASP CRS the go-to choice for security teams, dive into the project's current innovations, and discuss how traditional rule-based security is evolving to work alongside—not against—artificial intelligence. From his unique vantage point as both a practitioner and educator, Felipe offers insights into the future of web application security, the role of open-source communities in keeping the internet safe, and how the next generation of security tools will blend human expertise with machine learning capabilities.
Segment Resources: - github.com/coreruleset/coreruleset - coreruleset.org
This interview is sponsored by the OWASP GenAI Security Project. Visit https://securityweekly.com/owaspappsec to watch all of CyberRisk TV's interviews from the OWASP 2025 Global AppSec Conference!
Felipe Zipitria is a seasoned computer security expert with an MSc from Universidad de la República in Uruguay and over 20 years of technical experience. His career has evolved from SRE, DevOps, and SysAdmin roles into specialized security domains, with the past five years dedicated to Application Security and Cloud SecOps. Throughout his career, he has provided security consulting services for more than a decade, establishing himself as a trusted advisor in the field.
Beyond his professional practice, Felipe is deeply committed to education and open-source community leadership. He teaches Computer Security Fundamentals to undergraduate students and Web Application Security to graduate students at Uruguay’s public university. Since 2013, he has served as Uruguay Co-Chapter Leader for OWASP, and has been a core contributor to OWASP CRS as a developer and co-leader since 2021. He is also part of the OWASP Coraza leadership team, driving innovation in Web Application Firewall development. His dedication to nurturing the next generation of security professionals is evident through his four consecutive years as a Google Summer of Code mentor, where he guides students into open-source and OWASP initiatives.
