This talk will comprehensively introduce Coraza, its use cases, implementation challenges, and general operationalisation guidelines. In recent years, we have been involved in several significant discussions, including: - Why not Core Ruleset WAF? - Evaluating the effectiveness of signature-based rules in protecting against zero-day vulnerabilities. - Considering the applicability of Machine Learning in the realm of security. - How can ModSecurity and Coraza live together? This presentation will examine each of these areas in depth. It will also cover the latest benchmarks and metrics and investigate future improvements, such as the possibility of a new rule language, support for multi-threading regex, and dynamic rule execution based on payload type. - Managed by the OWASP® Foundation