Franziska Bühler

Architect Puzzle ITC, Member of OWASP DevSlop Team

Franziska is a security enthusiast. She has been in the cybersecurity space for over ten years, working mainly in the field of defensive security. As a member of Puzzle ITC, she pursues her passion for security, DevOps and open source software.

She has a strong background in web application firewalls (WAFs) from her extensive experience as a webserver engineer and as a co-developer of the OWASP ModSecurity Core Rule Set (CRS). As part of the OWASP DevSlop team, she integrated CRS into a Continuous Integration pipeline to give developers the chance to tune their WAF earlier in the SDLC.

She also blogs, speaks at conferences and provides technical training. When she isn’t disassembling highly optimized regexes or studying technical books, she enjoys spending time with her family.

Talk

Web Application Firewall - Would you like a little more web application security?

While security awareness is increasing, security mechanisms are often already anchored in the frameworks. But can we always trust our code 100 percent? And do we always have full control over the backend application?
This is where a web application firewall (WAF) comes into play. As an additional security layer in front of the application backend, it inspects and blocks HTTP traffic. A WAF protects against web application attacks, such as those described in the OWASP Top Ten.
In my talk, I will introduce the open source Web Application Firewall ModSecurity with the OWASP ModSecurity Core Rule Set (https://coreruleset.org/).
We can sleep a little more peacefully when we have implemented a little more security.