Explore lessons learned from fine-tuning OWASP ModSecurity Core Rule Set (CRS) at massive scale in this 50-minute LASCON conference talk. Gain insights into the challenges and strategies for optimizing ModSecurity rules across thousands of servers and over 100 locations at Verizon Edgecast CDN. Learn about techniques to reduce alert noise levels by up to 90% using lesser-known ModSecurity features. Discover the experiences and considerations involved in transitioning from CRS 2.2.9 to 3.0. Walk away with practical knowledge on how to effectively implement and customize the Core Rule Set for large-scale deployments, balancing risk management and false positive reduction for diverse customer needs.
Core Rule Set for the Masses: Lessons from Taming ModSecurity Rules at Massive Scale - 2017
Overview
Syllabus
2017 - Core Rule Set for the Masses: Lessons from taming ModSec Rules at Massive Scale - Tin Zaw
Taught by
LASCON
Related Courses
-
Application Analysis with ModSecurity
-
Core Rule Set for the Masses
-
Introducing the OWASP ModSecurity Core Rule Set 3.0 - AppSec EU 2017
-
Introduction to the OWASP ModSecurity Core Rule Set
-
The Rise and Fall of ModSecurity and the OWASP Core Rule Set
-
Big Data Intelligence - Harnessing Petabytes of WAF Statistics for Web Protection
