Core Rule Set for the Masses
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the intricacies of fine-tuning the OWASP ModSecurity Web Application Firewall in this 37-minute conference talk from AppSecUSA 2017. Gain insights from Verizon Edgecast CDN's large-scale deployment of the OWASP Core Rule Set (CRS) across thousands of servers. Learn strategies for reducing alert noise levels by up to 90% using lesser-known ModSecurity features. Discover the challenges and benefits of upgrading from CRS 2.2.9 to 3.0. Understand how to balance risk management and false positives for diverse customer needs. Walk away with practical knowledge on optimizing CRS implementation, including anomaly scoring, safe exclusions, and leveraging paranoia mode in CRS 3.0. Benefit from the speakers' extensive experience in security analysis, incident response, and WAF consulting to enhance your own ModSecurity fine-tuning process.
Syllabus
Intro
Agenda
Verizon Edgecast Network
Web Application Firewalls
WAF Benefits
Mod Security - A brief history
Mod Security Architecture - Two Components
ModSecurity Principles
Mod Security Capabilities
Performance Considerations
Response Time Test
Limitations
WAFs Are Essential
Set Your Expectations
Know Yourself
Know Your Adversary
Know Your Environment
Let's NOT Abandon WAF
Core Rule Set (CRS)
The Holy Grail of Fine-tuning
Fine-tuning Your WAF
Anomaly Scoring in Mod Security
Anomaly Scoring Explained
Keeping the Wall Bulletproof
Safe Exclusions
Exclusion Example
Cookie Exclusions
Core Rule Set 3.0
Paranoia Mode
Taught by
OWASP Foundation
Related Courses
Building Geospatial Apps on Postgres, PostGIS, & Citus at Large ScaleMicrosoft via YouTube Unlocking the Power of ML for Your JavaScript Applications with TensorFlow.js
TensorFlow via YouTube Managing the Reactive World with RxJava - Jake Wharton
ChariotSolutions via YouTube What's New in Grails 2.0
ChariotSolutions via YouTube Performance Analysis of Apache Spark and Presto in Cloud Environments
Databricks via YouTube