
Introducing the OWASP ModSecurity Core Rule Set 3.0

Hosted By
Robert S.

Details

We'd like to invite you to our next OWASP Switzerland (http://owasp.ch) meeting. If you want to attend, please make sure to register for the event.

https://www.owasp.org/images/6/63/Crs3.png

Topic

The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. It saw a new major release in November 2016 (3.0 -> CRS3). CRS is the first line of defense against web application attacks like those summarized in the OWASP Top Ten, all with a minimum of false alerts.

This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important topic of handling false positives is also covered, as are the pre-defined lists of rule exclusions for popular web applications, which help to avoid false positives.

Speaker

Christian Folini is a partner at netnea AG in Berne. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is not big business anymore, so Christian turned to defending web servers, which he finds equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years of experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.

Christian is a frequent committer to the OWASP ModSecurity Core Rules project, vice president of Swiss Cyber Experts (a public private partnership), program chair of the Swiss Cyberstorm conference and many other things.

Agenda

17:30 - Doors will open

18:00 - Welcome and short introduction

18:20 - Talk and Q&A

19:30 - Dinner

Who

As usual, all of our meetings are open to everyone and free of charge.

Afterwards

If you would still like to grab a bite afterwards, simply stay a little longer and we will form a group of hungry and discussion-friendly people. ;)

More

Stay tuned by joining us here on Meetup (https://www.meetup.com/de-DE/OWASPSwitzerland/) and/or by subscribing to our (low-traffic) mailing list (https://lists.owasp.org/mailman/listinfo/owasp-switzerland).

OWASP Switzerland Chapter
Swisscom
Hardturmstrasse 3 · Zürich