Syllabus
Intro
Agenda
Verizon Edgecast Network
Web Application Firewalls
WAF Benefits
ModSecurity - A brief history
ModSecurity Architecture - Two Components
ModSecurity Principles
ModSecurity Capabilities
Performance Considerations
Response Time Test
Limitations
WAFs Are Essential
Set Your Expectations
Know Yourself
Know Your Adversary
Know Your Environment
Let's NOT Abandon WAF
Core Rule Set (CRS)
The Holy Grail of Fine-tuning
Fine-tuning Your WAF
Anomaly Scoring in ModSecurity
Anomaly Scoring Explained
Keeping the Wall Bulletproof
Safe Exclusions
Exclusion Example
Cookie Exclusions
Core Rule Set 3.0
Paranoia Mode
Taught by
OWASP Foundation