Core Rule Set for the Masses: Lessons from Taming ModSecurity Rules at Massive Scale - 2017

Explore lessons learned from fine-tuning OWASP ModSecurity Core Rule Set (CRS) at massive scale in this 50-minute LASCON conference talk. Gain insights into the challenges and strategies for optimizing ModSecurity rules across thousands of servers and over 100 locations at Verizon Edgecast CDN. Learn about techniques to reduce alert noise levels by up to 90% using lesser-known ModSecurity features. Discover the experiences and considerations involved in transitioning from CRS 2.2.9 to 3.0. Walk away with practical knowledge on how to effectively implement and customize the Core Rule Set for large-scale deployments, balancing risk management and false positive reduction for diverse customer needs.

2017 - Core Rule Set for the Masses: Lessons from taming ModSec Rules at Massive Scale - Tin Zaw