1. Intro
2. Agenda
3. Verizon Edgecast Network
4. Web Application Firewalls
5. WAF Benefits
6. Mod Security - A brief history
7. Mod Security Architecture - Two Components
8. ModSecurity Principles
9. Mod Security Capabilities
10. Performance Considerations
11. Response Time Test
12. Limitations
13. WAFs Are Essential
14. Set Your Expectations
15. Know Yourself
16. Know Your Adversary
17. Know Your Environment
18. Let's NOT Abandon WAF
19. Core Rule Set (CRS)
20. The Holy Grail of Fine-tuning
21. Fine-tuning Your WAF
22. Anomaly Scoring in Mod Security
23. Anomaly Scoring Explained
24. Keeping the Wall Bulletproof
25. Safe Exclusions
26. Exclusion Example
27. Cookie Exclusions
28. Core Rule Set 3.0
29. Paranoia Mode
Description:
Explore the intricacies of fine-tuning the OWASP ModSecurity Web Application Firewall in this 37-minute conference talk from AppSecUSA 2017. Gain insights from Verizon Edgecast CDN's large-scale deployment of the OWASP Core Rule Set (CRS) across thousands of servers. Learn strategies for reducing alert noise levels by up to 90% using lesser-known ModSecurity features. Discover the challenges and benefits of upgrading from CRS 2.2.9 to 3.0. Understand how to balance risk management and false positives for diverse customer needs. Walk away with practical knowledge on optimizing CRS implementation, including anomaly scoring, safe exclusions, and leveraging paranoia mode in CRS 3.0. Benefit from the speakers' extensive experience in security analysis, incident response, and WAF consulting to enhance your own ModSecurity fine-tuning process.

Core Rule Set for the Masses

OWASP Foundation