Introduction to the OWASP ModSecurity Core Rule Set

nullcon via YouTube

Overview

Explore the fundamentals of web application security in this 44-minute webinar presented by Christian Folini at Nullcon. Delve into the OWASP ModSecurity Core Rule Set (CRS), a powerful open-source tool designed to protect web applications from a wide range of attacks. Learn about the concept of Web Application Firewalls (WAFs), the ModSecurity engine, and key CRS features such as paranoia levels, stricter siblings, and anomaly scoring. Witness a live demonstration of the ruleset's detection capabilities and gain insights into managing false positives, custom responses, and rule updates in enterprise environments. Benefit from Folini's extensive experience in high-security ModSecurity configuration, DDoS defense, and threat modeling as he bridges complex technical concepts with his unique background in medieval history.

Syllabus

Introduction
Christian Folini
Why use a Web Application Firewall
What is ModSecurity
Rules on Top
How does it work
Levels of paranoia
How does that look
Confirmed
Anomaly Scoring
Demo
Problem false positives
Summary
Questions
Custom Response
Rule Updates
How to manage this on enterprise level
Coraza
Dust
payload
antiautomation
plugins

Taught by

nullcon
