The OWASP CRS Sampling Mode
Running ModSecurity CRS for the first time on an existing service is like a jump into murky water.
With the sampling mode you can run CRS on a limited percentage of the traffic, which reduces the risk a big deal.
modsecurity
An A7 First Aid Kit
Let’s consider Dave Wichers and the OWASP Top 10 project resists all the pressure and the 2017 edition of OWASP Top 10 will include the new A7 “Insufficient Attack Protection”. Lately the discussion has turned more constructive so maybe that prospect is not all that unrealistic. But honestly, I can not tell if A7 will […]
Optimized Lab-Setup to attack ModSecurity with Security Scanners
Damiano Esposito of ZHAW and I run a little test project where we want to measure the effectiveness of the OWASP ModSecurity Core Rule Set 3.0 (CRS3) under attack by several security scanners. The testing is only about to start, but I would like to document the setup of the ModSecurity server a bit to […]
Starting to build a set of rule exclusions or TYPO3
@avarx_ is part of the Swiss team for the European Cyber Security Challenges and also a member of the TYPO3 security team. I joined with him to start a set of TYPO3 rule exclusions for the OWASP ModSecurity Core Rule Set 3.0 (short CRS3). This is a set of rules to be deployed on a WAF in order to […]
Writing the 2nd Edition of the ModSecurity Handbook
What I like about Ivan Ristić’s ModSecurity Book is the wide approach it takes. The multipurpose nature of ModSecurity makes it hard to overview all the areas and all the functionality. But Ivan did a very good job providing a gentle introduction to all these areas. Hence, it proved to be the standard book for […]
