OWASP ModSecurity Core Rule Set Project

The presentation
The ModSecurity Core Rule Set (CRS) is a free, generic set of web application firewall rules that provide valuable protection against web attacks. In 2009, the CRS was made into an official OWASP project (http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project) to help facilitate the development of the rules. This presentation will provide an overview of the CRS version 2.0 functionality, how it works and all of the new features including - - Snort web attack signatures Includes a large rule set of converted Emerging Threats? Snort web attack signatures and Breach Security Labs will continue to periodically release new signatures. - Collaborative rules Now operates in a collaborative fashion where all CRS rules can set transactional variables to specify what rule matched, the location of the match and what payload data matched. - Anomaly scoring Each rule now contributes to the overall anomaly score and users can choose what threshold is appropriate for their site. - Easier exception handling Users are now able to add in their own local exceptions to override the CRS checks without needing to edit the rules themselves.

The speaker
Ryan C. Barnett is the Director of Application Security Research at Breach Security where he leads Breach Security Labs. He is a frequent speaker at industry conferences such as Blackhat and is a Faculty Member for the SANS Institute and Team Lead for the Center for Internet Security Apache Benchmark Project. He is the OWASP ModSecurity Core Rule Set (CRS) Project Leader and a member of the Web Application Security Consortium where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has also authored a web security book for Addison/Wesley Publishing entitled "Preventing Web Attacks with Apache".