AppSec California 2020, January 21-24 at the Annenberg Beach House, Santa Monica, CA
Friday, January 24 • 2:10pm - 3:00pm
Practical OWASP CRS in High Security Settings

Traditionally, the OWASP ModSecurity Core Rule Set, an OWASP flagship project, has been hard to use. However, the release of CRS 3.0 in 2017 and the advancements made with CRS 3.1 successfully removed most of the false positives in the default installation. This improved the user experience when running the only general-purpose open source web application firewall. The presentation explains how to run CRS successfully in high security settings. This includes practical advice on tuning and on working with the anomaly thresholds, the paranoia levels and complementary whitelisting rule sets. This talk is based on many years of experience gained by using CRS in various high security settings, including the one by Swiss Post for its national online voting service.

Christian Folini

OWASP project co-lead, OWASP
Christian Folini is a security engineer and open source enthusiast. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is not a big business anymore, and so he turned to defending web servers, which he finds equally...

Friday January 24, 2020 2:10pm - 3:00pm PST
Sand and Sea Room