Practical OWASP CRS in High Security Settings - Christian Folini

AppSec California
602 views - 4 years ago
https://appseccalifornia.org/

Traditionally, the OWASP ModSecurity Core Rule Set, an OWASP flagship project, has been hard to use. However, the release of CRS 3.0 in 2017 and the advancements made with CRS 3.1 successfully removed most of the false positives in the default installation. This improved the user experience when running the only general-purpose open source web application firewall. The presentation explains how to run CRS successfully in high security settings. This includes practical advice on tuning and on working with the anomaly thresholds, the paranoia levels and complementary whitelisting rule sets. This talk is based on many years of experience gained by using CRS in various high security settings, including the one by Swiss Post for its national online voting service.

Christian Folini
Security Engineer, netnea.com
Christian Folini is a security engineer and open source enthusiast. He holds a PhD in medieval history and enjoys defending castles across Europe.
Published 4 years ago, on 1398/12/01.