Explore the fundamentals of web application security in this 44-minute webinar presented by Christian Folini at Nullcon. Delve into the OWASP ModSecurity Core Rule Set (CRS), a powerful open-source tool designed to protect web applications from a wide range of attacks. Learn about the concept of Web Application Firewalls (WAFs), the ModSecurity engine, and key CRS features such as paranoia levels, stricter siblings, and anomaly scoring. Witness a live demonstration of the ruleset's detection capabilities and gain insights into managing false positives, custom responses, and rule updates in enterprise environments. Benefit from Folini's extensive experience in high-security ModSecurity configuration, DDoS defense, and threat modeling as he bridges complex technical concepts with his unique background in medieval history.
Overview
Syllabus
Introduction
Christian Folini
Why use a Web Application Firewall
What is ModSecurity
Rules on Top
How does it work
Levels of paranoia
How does that look
Confirmed
Anomaly Scoring
Demo
Problem false positives
Summary
Questions
Custom Response
Rule Updates
How to manage this on enterprise level
Karraza
Dust
payload
antiautomation
plugins
Taught by
nullcon
Related Courses
-
Application Analysis with ModSecurity
-
Introducing the OWASP ModSecurity Core Rule Set 3.0 - AppSec EU 2017
-
Core Rule Set for the Masses
-
OWASP Flagship Projects - OWASP ModSecurity Core Rule Set
-
Practical OWASP CRS in High Security Settings
-
The Rise and Fall of ModSecurity and the OWASP Core Rule Set
