AppSecEU08 Remo presentation

Remo presentation (Positive ModSecurity rulesets / Input validation)

The most widespread approach to rulesets for ModSecurity and Web Application Firewall in general is to use negative rulesets. That is to defend against patterns of known attacks.

Such a "default permit" strategy is inadequate for network firewalls and it will also be inadequate for application layer defense in the long run.

Remo is a simple rule editor, that writes ModSecurity rules which in turn can be used inside a WAF running ModSecurity.

The speech will introduce black- and whitelist approaches and give a brief overview on Remo and the status of the project.

About the Speaker: Christian Folini is an IT consultant based in Switzerland. His work is mostly focussed on Apache and things related to the architecture of multi-tier web applications. Christian Folini works for netnea.com and holds a PhD in medieval history. He is one of the leaders of the Company of St. George.