The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. CRS is the 1st line of defense against web application attacks like those summarized in the OWASP Top Ten and all with a minimum of false alerts. This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important handling of false positives is also covered as well as pre-defined lists of rule exclusions for popular web applications helping to avoid false positives.
This talk is meant as an introductory talk for an audience not familiar with ModSecurity and CRS.
--------------------------------------------------------------------------------
Speaker: Christian Folini
Speaker Profile
Christian enjoys medieval history and defending castles across Europe. Unfortunately, defending medieval castles is not a big business anymore and so, he turned to defending web servers, which he finds equally challenging. He brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling.
Christian is the co-author of the second edition of the ModSecurity Handbook and the best known teacher on the subject. His ModSecurity Masterclass is delivered in partnership with London-based Feisty Duck. He co-leads the OWASP ModSecurity Core Rule Set project and serves as the program chair of the ""Swiss Cyber Storm"" conference, the prime security conference in Switzerland. Christian is the vice president of the Swiss federal public-private-partnership ""Swiss Cyber Experts"" and he helps to edit the Center for Internet Security ""Apache Benchmark"". He is a frequent speaker at conferences, where he tries to use his background in the humanities to explain hardcore technical topics to audiences of different backgrounds.
--------------------------------------------------------------------------------
Agenda
18:00 Arival and coffee
18:30 Presentation
19:45 Networking and Buffet
THIS EVENT IS BROUGHT TO YOU BY: BCS DevSecOps SG.
'Regular' attendees of BCS events - please note the venue change. From 1st September, BCS London will be based in Moorgate. You will need to sign in on arrival to gain entry to the building.
--------------------------------------------------------------------------------
