filmov
tv
AppSec EU 2017 Introducing The OWASP ModSecurity Core Rule Set 3 0 by Christian Folini
Показать описание
The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls that saw a new major release in November 2016 (3.0 vs GR; CRS3). CRS is the 1st line of defense against web application attacks like those summarized in the OWASP Top Ten and all with a minimum of false alerts.
This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important handling of false positives is also covered as well as pre-defined lists of rule exclusions for popular web applications helping to avoid false positives.
-
This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important handling of false positives is also covered as well as pre-defined lists of rule exclusions for popular web applications helping to avoid false positives.
-
0:50:06
AppSec EU 2017 Introducing The OWASP ModSecurity Core Rule Set 3 0 by Christian Folini
0:33:49
AppSec EU 2017: Putting the “Sec” in DevOps
0:50:06
AppSec EU 2017 Introducing The OWASP ModSecurity Core Rule Set 3 0 by Christian Folini.mp4
0:43:48
AppSec EU 2017 Embedding GDPR Into The SDLC by Sebastien Deleersnyder and Siebe De Roovere
0:43:52
AppSec EU 2017 An Introduction To Quantum Safe Cryptography by Liz O'Sullivan
0:30:24
AppSec EU 2017 Analysis And Detection Of Authentication Cross Site Request Forgery by Luca Compagna
0:39:10
AppSec EU 2017 Making Vulnerability Management Suck Less With DefectDojo by Greg Ande
0:44:35
AppSec EU 2017 2017: Rise Of The Machines by Kev D'Arcy, Nicholas Raite and Rohini Sulatycki
0:07:20
AppSec EU 2017 Conference Opening Address by Gary Robinson
0:20:00
AppSec EU 2017 I Am Not A Robot: Job Security In A DevSecOps World by Correy Voo
0:35:06
AppSec EU 2017 So We Broke All CSPs You Won't Guess What Happened Next by Michele Spagnuolo
0:28:56
AppSec EU 2017 Application Security For DevSecOps by Joseph Feiman
0:46:39
AppSec EU 2017 Don't Trust The DOM: Bypassing XSS Mitigations Via Script Gadgets by Sebastian L...
0:44:50
AppSec EU 2017 On The (In-)Security Of JavaScript Object Signing And Encryption by Dennis Detering
0:40:15
AppSec EU 2017 The Flaws In Hordes, The Security In Crowds by Mike Shema
0:25:57
AppSec EU 2017 Looking Back To Look Ahead by Brian Honan
0:14:56
AppSec EU 2017 LT AngularJS + CSP: A Perfect Match Or Unhappy Marriage? by David Johansson
0:22:10
AppSec EU 2017 What Is A DevSecOps Engineer? by Helen Beal
0:37:11
AppSec EU 2017 The Path Of Secure Software by Katy Anton
0:39:26
AppSec EU 2017 Fixing Mobile AppSec: The OWASP Mobile Project by Bernhard Mueller and Sven Schleier
0:23:42
AppSec EU 2017 Securing The Continuous Integration Process by Irene Michlin
0:49:24
AppSec EU 2017 Boosting The Security Of Your Angular 2 Application by Philippe De Ryck
0:40:43
AppSec EU 2017 OWASP Juice Shop by Björn Kimminich
0:36:43
AppSec EU 2017 Exploiting CORS Misconfigurations For Bitcoins And Bounties by James Kettle
Комментарии