Overview
Explore lessons learned from fine-tuning OWASP ModSecurity Core Rule Set (CRS) at massive scale in this 50-minute LASCON conference talk. Gain insights into the challenges and strategies for optimizing ModSecurity rules across thousands of servers and over 100 locations at Verizon Edgecast CDN. Learn about techniques to reduce alert noise levels by up to 90% using lesser-known ModSecurity features. Discover the experiences and considerations involved in transitioning from CRS 2.2.9 to 3.0. Walk away with practical knowledge on how to effectively implement and customize the Core Rule Set for large-scale deployments, balancing risk management and false positive reduction for diverse customer needs.
Syllabus
2017 - Core Rule Set for the Masses: Lessons from taming ModSec Rules at Massive Scale - Tin Zaw
Taught by
LASCON