Overview
Explore a comprehensive conference talk on harnessing petabytes of Web Application Firewall (WAF) statistics to analyze and improve web protection in the cloud. Delve into the challenges of managing massive amounts of security event data and learn about a unique platform for collecting, analyzing, and distilling WAF security intelligence information. Discover insights on the OWASP ModSecurity Core Rule Set project's accuracy, common attack trends, and suggestions for optimizing its use. Gain knowledge about using big data for web application security trend analysis, Akamai's Cloud Security Intelligence (CSI) platform, and a demo of the Security Analytics Research Application (SARA) for navigating and analyzing big WAF data. Examine the precision, recall, and accuracy statistics of the OWASP CRS project against real-world traffic, and learn about frequent false positive scenarios and their remediation. Understand the top 10 web application attacks, trends, and triggering rules statistics to enhance your web protection strategies in the cloud era.
Syllabus
Intro
Topics to Cover
Akamai & OWASP CRS
Akamai Intelligent Platform
CSI Platform Statistics
CSI High Level Architecture
Yoda (Distributed Query Engine)
Sample Data App - SARA
WAF Accuracy Lingo
Things You Need to Know
Akamai WAF Testing (AWT) Framework
AWT Built-In Test Cases
AWT Reports - False Positives Analysis
Risk Groups
Multiple Thresholds
CRS Issue #2
HTTP Violations
960015 - Research into 3 hours of triggers
Cookies
Score Spreading Across Selectors
Rule Inefficiency
Summary
Taught by
OWASP Foundation