ModSecurity Core Rule Set (CRS)

Hosted By
Björn K. and Dirk W.
Details

Hello there!

We'll have our next online event in a bit more than two weeks. The presentation language will be English again.

Now we are at the defender side of the table. ModSecurity is a cool thing, but the rule set is maybe not as easy to deal with, so this is an opportunity to get first-hand info from Christian Folini. He co-leads the OWASP ModSecurity Core Rule Set project.

TLDR:

Title: "ModSecurity Core Rule Set (CRS)"
Speaker: Christian Folini
Location: Online, please check the link the day before
Start: 14th of April 2021, 7:00 pm (CET)
Networking: Stick around afterwards if you like.

Abstract:

This is a basic introduction to the OWASP ModSecurity Core Rule Set
(CRS). The talk presents ModSecurity as an open source web application
firewall, runs an installation demo for CRS, presents important groups
of rules and explains the core concepts like anomaly scoring, paranoia
levels and strict siblings along the way.

Traditionally, the OWASP ModSecurity Core Rule Set, an OWASP flagship
project, has been hard to use. However, the release of CRS 3.0 in 2017 and the advancements made up to CRS 3.4 successfully removed most of the false positives in the default installation.

Bio:

Christian Folini is a security engineer and open source enthusiast. He
holds a PhD in medieval history and enjoys defending castles across
Europe. Unfortunately, defending medieval castles is not a big
business anymore and so, he turned to defending web applications, which he finds equally challenging. He brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling.

Christian Folini is the author of the second edition of the ModSecurity
Handbook and the best known teacher on the subject. He serves as the program chair of the "Swiss Cyber Storm" conference, the prime security conference in Switzerland. He is a frequent speaker at conferences, where he tries to use his background in the humanities to explain hardcore technical topics to audiences of different backgrounds.

How to participate

OWASP Hamburg Meetup members who RSVP'd for the event will see the URL at the RHS and can join the video conference directly. I'll update the invite URL ~ a day before. THE ONE WHICH YOU SEE NOW IS NOT CORRECT. Please make sure when joining you are muted by default.

Our OWASP "Stammtisch"

Our meeting is about web applications and their (in)security and/or about IT security in general. People come together who care as a hobby or in their job about information security: developers, managers, pentesters and everybody else who's interested. The atmosphere is open and relaxed. Who's coming to sell products or services: Move on, this is not the right place. OWASP is about education and sharing (mostly) technical information.

Feel free to forward our meetup URL to your colleagues or friends. They are welcome, too. Participation is free and open -- as the O in OWASP.

Cheers, Dirk

OWASP Hamburg Meeting