Core Rule Set for the Masses

Everyone who has used, or attempted to use, OWASP ModSecurity Web Application Firewall knows something about fine-tuning rules. ModSecurity Core Rule Set (CRS) was designed to catch more, show more and let you decide what to do with security alerts. It is a time consuming -- and often frustrating -- exercise to analyze alerts, separating the wheat from the chaff, and determine which are candidates for blocking.


With thousands of servers at more than 100 locations, Verizon Edgecast CDN is one of the world’s largest deployment of OWASP Core Rule Set. We will share our experience in fine-tuning the CRS for a large number of customers, adjusting to their taste in risk and attitude toward false positives. We will discuss lesser used features of ModSecurity to cut down noise levels in alerts, sometimes as much as 90%. We will also discuss our experience in moving from CRS 2.2.9 to 3.0 which was released in late 2016.


We hope that the audience will walk away with understanding benefits of using the venerable web application firewall with the latest enhancements and issues to consider to get the most out of it. Ultimately, we hope that our experience will make your task of fine-tuning the CRS a little easier.


Speakers

Robert Whitley
Security Solutions Architect, Verizon Digital Media Services
Robert Whitley started out his career as a customer facing SOC analyst that allowed him to explore the breadth of the information security field. After working closely on incident response and threat intel, Robert now spends his day to day on consulting users on WAF.

Tin Zaw
Director, Security Solutions, Verizon
Tin Zaw has served as Verizon Digital Media Services’ director of global security solutions since 2015. He and his team provide managed and professional security services protecting their clients' web properties from exterior threats from the internet.

-

Managed by the official OWASP Media Project https://www.owasp.org/index.php/OWASP...