The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. CRS is the 1st line of defense against web application attacks like those summarized in the OWASP Top Ten and all with a minimum of false alerts. This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important handling of false positives is also covered as well as pre-defined lists of rule exclusions for popular web applications helping to avoid false positives.
Curriculum
Course Details
Available in
days
days
after you enroll
- 1. Introdcution & agenda (0:50)
- 2. Mod Security and OWASP Core Rule Set (8:46)
- 3. Web Application Fire Walls (13:47)
- 4. Mod Security (13:52)
- 5. Owasp Mod Security Core Rule Set - Part 1 (23:04)
- 5. Owasp Mod Security Core Rule Set - Part 2 (22:19)
- 5. Owasp Mod Security Core Rule Set - Part 3 (10:48)
- 5. Owasp Mod Security Core Rule Set - Part 4 (6:08)
- 5. Owasp Mod Security Core Rule Set - Part 5 (16:11)
- 5. Owasp Mod Security Core Rule Set - Part 6 (15:42)
- 5. Owasp Mod Security Core Rule Set - Part 7 (31:16)
- 6. Mod Security Cheat Sheet (18:55)
Other Courses
Here are a few more courses you may be interested in
