This event has ended. View the official site or create your own event → Check it out
This event has ended. Create your own
View analytic
Thursday, May 11 • 16:15 - 17:00
Introducing the OWASP ModSecurity Core Rule Set 3.0

Sign up or log in to save this to your schedule and see who's attending!

Feedback form is now closed.
The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls that saw a new major release in November 2016 (3.0 -> CRS3). CRS is the 1st line of defense against web application attacks like those summarized in the OWASP Top Ten and all with a minimum of false alerts.
This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important handling of false positives is also covered as well as pre-defined lists of rule exclusions for popular web applications helping to avoid false positives.

avatar for Christian Folini

Christian Folini

Partner, netnea.com
Christian Folini is a partner at netnea AG in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equa... Read More →

Thursday May 11, 2017 16:15 - 17:00
Waterfront Center: Hall 2B

Attendees (20)