Introduction to the OWASP ModSecurity Core Rule Set
Offered By: nullcon via YouTube
Course Description
Overview
Explore the fundamentals of web application security in this 44-minute webinar presented by Christian Folini at Nullcon. Delve into the OWASP ModSecurity Core Rule Set (CRS), a powerful open-source tool designed to protect web applications from a wide range of attacks. Learn about the concept of Web Application Firewalls (WAFs), the ModSecurity engine, and key CRS features such as paranoia levels, stricter siblings, and anomaly scoring. Witness a live demonstration of the ruleset's detection capabilities and gain insights into managing false positives, custom responses, and rule updates in enterprise environments. Benefit from Folini's extensive experience in high-security ModSecurity configuration, DDoS defense, and threat modeling as he bridges complex technical concepts with his unique background in medieval history.
Syllabus
Introduction
Christian Folini
Why use a Web Application Firewall
What is ModSecurity
Rules on Top
How does it work
Levels of paranoia
How does that look
Confirmed
Anomaly Scoring
Demo
Problem false positives
Summary
Questions
Custom Response
Rule Updates
How to manage this on enterprise level
Coraza
Dust
Payload
Anti-automation
Plugins
Taught by
nullcon
Related Courses
Secure Your Code - Injections and Logging (Pluralsight)
Implementing AppSensor in ModSecurity (LASCON via YouTube)
OWASP Flagship Projects - OWASP ModSecurity Core Rule Set (OWASP Foundation via YouTube)
Practical OWASP CRS in High Security Settings (OWASP Foundation via YouTube)
Core Rule Set for the Masses (OWASP Foundation via YouTube)