Class Central is learner-supported. When you buy through links on our site, we may earn an affiliate commission.

YouTube

Core Rule Set for the Masses

OWASP Foundation via YouTube

Overview

Explore the intricacies of fine-tuning the OWASP ModSecurity Web Application Firewall in this 37-minute conference talk from AppSecUSA 2017. Gain insights from Verizon Edgecast CDN's large-scale deployment of the OWASP Core Rule Set (CRS) across thousands of servers. Learn strategies for reducing alert noise levels by up to 90% using lesser-known ModSecurity features. Discover the challenges and benefits of upgrading from CRS 2.2.9 to 3.0. Understand how to balance risk management and false positives for diverse customer needs. Walk away with practical knowledge on optimizing CRS implementation, including anomaly scoring, safe exclusions, and leveraging paranoia mode in CRS 3.0. Benefit from the speakers' extensive experience in security analysis, incident response, and WAF consulting to enhance your own ModSecurity fine-tuning process.

Syllabus

Intro
Agenda
Verizon Edgecast Network
Web Application Firewalls
WAF Benefits
Mod Security - A brief history
Mod Security Architecture - Two Components
ModSecurity Principles
Mod Security Capabilities
Performance Considerations
Response Time Test
Limitations
WAFs Are Essential
Set Your Expectations
Know Yourself
Know Your Adversary
Know Your Environment
Let's NOT Abandon WAF
Core Rule Set (CRS)
The Holy Grail of Fine-tuning
Fine-tuning Your WAF
Anomaly Scoring in Mod Security
Anomaly Scoring Explained
Keeping the Wall Bulletproof
Safe Exclusions
Exclusion Example
Cookie Exclusions
Core Rule Set 3.0
Paranoia Mode

Taught by

OWASP Foundation

Reviews

Start your review of Core Rule Set for the Masses

Never Stop Learning.

Get personalized course recommendations, track subjects and courses with reminders, and more.

Someone learning on their laptop while sitting on the floor.