SlideShare a Scribd company logo
Crazy incentives
and how they drive
security into
no man's land
Christian Folini
Keynote 2023
Streaming
in China
Source:
@RealSexyCyborg
(Naomi Wu)
Streaming
in China
Hello Insomni’Hack!
I am Christian Folini
Find me at @ChrFolini / @folini@infosec.exchange
Swiss Security Engineer
OWASP CRS Co-Lead
Wearer of Many Helmets
“
In general, incentives are
anything that persuade a
person to alter their
behaviour. (Wikipedia)
“
In general, incentives are anything that
persuade a person to alter their behaviour.
...
Higher incentives amount to greater levels
of effort and therefore, higher levels of
performance.
Elon scrambling
for money
“
Nessus
Reports
More Nessus
Madness
Inflated
Numbers
Even Bigger
Numbers
Source: https://techjury.net/
The Infamous
Norse
Dashboard
A Kibana Example
Typical ModSecurity Dashboard Element
Survivorship
Bias
Source: Wikipedia: Survivorship Bias
Bug Bounty Hunters
Source:
https://pexels.com
Bug Bounty
Hunters
Penetration Testers
Large
Baskets
with
Many,
Many
Eggs
Crisis
Communication
Ransomware
Source: Wikipedia: AIDS DOS Trojan 1989
Ransomware and Cyber Insurance
Commercial WAF Detection Rates
Source: https://fraktal.fi (Tuomo Makkonnen, 2020)
Unce upon a time, there was a boy ...
The boy was a shepherd
His little herd also included a ram
He took them through a forest
In the forest, there was a wolf
The boy screamed and called the hunters
The hunters came and wanted to kill the wolf
But as it turned out, it was all a false positive!
The alternative: a false negative!
The alternative: a false negative!
The alternative: a false negative!
Commercial WAF Detection Rates
Source: https://fraktal.fi (Tuomo Makkonnen, 2020)
Summary
Let’s wrap this up!
Level 1
An overly relaxed attitude,
ignorance, negligence and
carelessness lead to bad
incentives for users.
Tricking them into weak
decisions undermining
security.
Two Levels of Bad Incentives
Level 2
Deliberately following or
setting crazy incentives for
immediate gain;
consciously prioritizing
financial benefit over
security of users and their
data.
It’s your job to raise the alarm when incentives
and security don’t align!
Contact
christian.folini@netnea.com
@ChrFolini
@folini@infosec.exchange

More Related Content

What's hot

20201207 AWS Black Belt Online Seminar AWS re:Invent 2020 速報 Part1
20201207 AWS Black Belt Online Seminar AWS re:Invent 2020 速報 Part120201207 AWS Black Belt Online Seminar AWS re:Invent 2020 速報 Part1
20201207 AWS Black Belt Online Seminar AWS re:Invent 2020 速報 Part1
Amazon Web Services Japan
 
Unityによるリアルタイム通信とMagicOnionによるC#大統一理論の実現
Unityによるリアルタイム通信とMagicOnionによるC#大統一理論の実現Unityによるリアルタイム通信とMagicOnionによるC#大統一理論の実現
Unityによるリアルタイム通信とMagicOnionによるC#大統一理論の実現
Yoshifumi Kawai
 
AWS Batch Fargate対応は何をもたらすか
AWS Batch Fargate対応は何をもたらすかAWS Batch Fargate対応は何をもたらすか
AWS Batch Fargate対応は何をもたらすか
Shun Fukazawa
 
VMware Cloud on AWS POC L3VPN 接続ガイド (IPsec、ルートベースVPN)
VMware Cloud on AWS POC L3VPN 接続ガイド (IPsec、ルートベースVPN)VMware Cloud on AWS POC L3VPN 接続ガイド (IPsec、ルートベースVPN)
VMware Cloud on AWS POC L3VPN 接続ガイド (IPsec、ルートベースVPN)
Noritaka Kuroiwa
 
カジュアルにVPC作った結果がこれだよ!
カジュアルにVPC作った結果がこれだよ!カジュアルにVPC作った結果がこれだよ!
カジュアルにVPC作った結果がこれだよ!
Emma Haruka Iwao
 
20191030 AWS Black Belt Online Seminar AWS IoT Analytics Deep Dive
20191030 AWS Black Belt Online Seminar AWS IoT Analytics Deep Dive 20191030 AWS Black Belt Online Seminar AWS IoT Analytics Deep Dive
20191030 AWS Black Belt Online Seminar AWS IoT Analytics Deep Dive
Amazon Web Services Japan
 
Serverless Application Security on AWS
Serverless Application Security on AWSServerless Application Security on AWS
Serverless Application Security on AWS
Amazon Web Services Japan
 
機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ
機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ
機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ
Amazon Web Services Japan
 
Plan de compensación de Immunotec
Plan de compensación de ImmunotecPlan de compensación de Immunotec
Plan de compensación de Immunotec
Ing. Jose Luis Gonzalez
 
リアルタイムなゲームの開発でコンテナを使ってみたら簡単便利で激安だったのでオススメしたい
リアルタイムなゲームの開発でコンテナを使ってみたら簡単便利で激安だったのでオススメしたいリアルタイムなゲームの開発でコンテナを使ってみたら簡単便利で激安だったのでオススメしたい
リアルタイムなゲームの開発でコンテナを使ってみたら簡単便利で激安だったのでオススメしたい
YutoNishine
 
【Unite Tokyo 2019】Unity + PlayFab ではじめる新しいゲーム運用 ~LiveOpsの始め方~
【Unite Tokyo 2019】Unity + PlayFab ではじめる新しいゲーム運用 ~LiveOpsの始め方~【Unite Tokyo 2019】Unity + PlayFab ではじめる新しいゲーム運用 ~LiveOpsの始め方~
【Unite Tokyo 2019】Unity + PlayFab ではじめる新しいゲーム運用 ~LiveOpsの始め方~
UnityTechnologiesJapan002
 
ニワトリでもわかるECS入門
ニワトリでもわかるECS入門ニワトリでもわかるECS入門
ニワトリでもわかるECS入門
Yoshiki Kobayashi
 
デモで楽しむ Visual Studio 2022 & .NET 6 最新アップデート
デモで楽しむ Visual Studio 2022 & .NET 6 最新アップデートデモで楽しむ Visual Studio 2022 & .NET 6 最新アップデート
デモで楽しむ Visual Studio 2022 & .NET 6 最新アップデート
Akira Inoue
 
H indalco novelis
H indalco novelisH indalco novelis
H indalco novelis
Ashutosh Mantry
 
20200809_2020年から始める Azure Cosmos DB 入門 with Azure Synapse Link recap
20200809_2020年から始める Azure Cosmos DB 入門 with Azure Synapse Link recap20200809_2020年から始める Azure Cosmos DB 入門 with Azure Synapse Link recap
20200809_2020年から始める Azure Cosmos DB 入門 with Azure Synapse Link recap
Oshitari_kochi
 
VMware Cloud on AWS POC ダイレクトコネクト接続ガイド
VMware Cloud on AWS POC ダイレクトコネクト接続ガイドVMware Cloud on AWS POC ダイレクトコネクト接続ガイド
VMware Cloud on AWS POC ダイレクトコネクト接続ガイド
Noritaka Kuroiwa
 
Vue入門
Vue入門Vue入門
Vue入門
Takeo Noda
 
UB Ventures SaaS Annual Report 2021
UB Ventures SaaS Annual Report 2021UB Ventures SaaS Annual Report 2021
UB Ventures SaaS Annual Report 2021
UB Ventures
 
Abenomics - The Saviour of Japan.
Abenomics - The Saviour of Japan.Abenomics - The Saviour of Japan.
Abenomics - The Saviour of Japan.
Archit Sharma
 
Comparison between Hyperinflation in Germany and Zimbabwe
Comparison between Hyperinflation in Germany and ZimbabweComparison between Hyperinflation in Germany and Zimbabwe
Comparison between Hyperinflation in Germany and Zimbabwe
Rohan Bharaj
 

What's hot (20)

20201207 AWS Black Belt Online Seminar AWS re:Invent 2020 速報 Part1
20201207 AWS Black Belt Online Seminar AWS re:Invent 2020 速報 Part120201207 AWS Black Belt Online Seminar AWS re:Invent 2020 速報 Part1
20201207 AWS Black Belt Online Seminar AWS re:Invent 2020 速報 Part1
 
Unityによるリアルタイム通信とMagicOnionによるC#大統一理論の実現
Unityによるリアルタイム通信とMagicOnionによるC#大統一理論の実現Unityによるリアルタイム通信とMagicOnionによるC#大統一理論の実現
Unityによるリアルタイム通信とMagicOnionによるC#大統一理論の実現
 
AWS Batch Fargate対応は何をもたらすか
AWS Batch Fargate対応は何をもたらすかAWS Batch Fargate対応は何をもたらすか
AWS Batch Fargate対応は何をもたらすか
 
VMware Cloud on AWS POC L3VPN 接続ガイド (IPsec、ルートベースVPN)
VMware Cloud on AWS POC L3VPN 接続ガイド (IPsec、ルートベースVPN)VMware Cloud on AWS POC L3VPN 接続ガイド (IPsec、ルートベースVPN)
VMware Cloud on AWS POC L3VPN 接続ガイド (IPsec、ルートベースVPN)
 
カジュアルにVPC作った結果がこれだよ!
カジュアルにVPC作った結果がこれだよ!カジュアルにVPC作った結果がこれだよ!
カジュアルにVPC作った結果がこれだよ!
 
20191030 AWS Black Belt Online Seminar AWS IoT Analytics Deep Dive
20191030 AWS Black Belt Online Seminar AWS IoT Analytics Deep Dive 20191030 AWS Black Belt Online Seminar AWS IoT Analytics Deep Dive
20191030 AWS Black Belt Online Seminar AWS IoT Analytics Deep Dive
 
Serverless Application Security on AWS
Serverless Application Security on AWSServerless Application Security on AWS
Serverless Application Security on AWS
 
機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ
機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ
機密データとSaaSは共存しうるのか!?セキュリティー重視のユーザー層を取り込む為のネットワーク通信のアプローチ
 
Plan de compensación de Immunotec
Plan de compensación de ImmunotecPlan de compensación de Immunotec
Plan de compensación de Immunotec
 
リアルタイムなゲームの開発でコンテナを使ってみたら簡単便利で激安だったのでオススメしたい
リアルタイムなゲームの開発でコンテナを使ってみたら簡単便利で激安だったのでオススメしたいリアルタイムなゲームの開発でコンテナを使ってみたら簡単便利で激安だったのでオススメしたい
リアルタイムなゲームの開発でコンテナを使ってみたら簡単便利で激安だったのでオススメしたい
 
【Unite Tokyo 2019】Unity + PlayFab ではじめる新しいゲーム運用 ~LiveOpsの始め方~
【Unite Tokyo 2019】Unity + PlayFab ではじめる新しいゲーム運用 ~LiveOpsの始め方~【Unite Tokyo 2019】Unity + PlayFab ではじめる新しいゲーム運用 ~LiveOpsの始め方~
【Unite Tokyo 2019】Unity + PlayFab ではじめる新しいゲーム運用 ~LiveOpsの始め方~
 
ニワトリでもわかるECS入門
ニワトリでもわかるECS入門ニワトリでもわかるECS入門
ニワトリでもわかるECS入門
 
デモで楽しむ Visual Studio 2022 & .NET 6 最新アップデート
デモで楽しむ Visual Studio 2022 & .NET 6 最新アップデートデモで楽しむ Visual Studio 2022 & .NET 6 最新アップデート
デモで楽しむ Visual Studio 2022 & .NET 6 最新アップデート
 
H indalco novelis
H indalco novelisH indalco novelis
H indalco novelis
 
20200809_2020年から始める Azure Cosmos DB 入門 with Azure Synapse Link recap
20200809_2020年から始める Azure Cosmos DB 入門 with Azure Synapse Link recap20200809_2020年から始める Azure Cosmos DB 入門 with Azure Synapse Link recap
20200809_2020年から始める Azure Cosmos DB 入門 with Azure Synapse Link recap
 
VMware Cloud on AWS POC ダイレクトコネクト接続ガイド
VMware Cloud on AWS POC ダイレクトコネクト接続ガイドVMware Cloud on AWS POC ダイレクトコネクト接続ガイド
VMware Cloud on AWS POC ダイレクトコネクト接続ガイド
 
Vue入門
Vue入門Vue入門
Vue入門
 
UB Ventures SaaS Annual Report 2021
UB Ventures SaaS Annual Report 2021UB Ventures SaaS Annual Report 2021
UB Ventures SaaS Annual Report 2021
 
Abenomics - The Saviour of Japan.
Abenomics - The Saviour of Japan.Abenomics - The Saviour of Japan.
Abenomics - The Saviour of Japan.
 
Comparison between Hyperinflation in Germany and Zimbabwe
Comparison between Hyperinflation in Germany and ZimbabweComparison between Hyperinflation in Germany and Zimbabwe
Comparison between Hyperinflation in Germany and Zimbabwe
 

Similar to Crazy incentives and how they drive security into no man's land

Vannevar Bush Invention Essay In 1945
Vannevar Bush Invention Essay In 1945Vannevar Bush Invention Essay In 1945
Vannevar Bush Invention Essay In 1945
Vicki Ardon
 
Luxury Personalised Stationery Personal Statio
Luxury Personalised Stationery Personal StatioLuxury Personalised Stationery Personal Statio
Luxury Personalised Stationery Personal Statio
Jenny Calhoon
 
Persuasive Essay For Birth Control
Persuasive Essay For Birth ControlPersuasive Essay For Birth Control
Persuasive Essay For Birth Control
Vanessa Henderson
 
Positive side-effects of misinformation
Positive side-effects of misinformationPositive side-effects of misinformation
Positive side-effects of misinformation
Jim Lippard
 
How News Websites Spread (and Debunk) Online Rumors, Unverified Claims and Mi...
How News Websites Spread (and Debunk) Online Rumors, Unverified Claims and Mi...How News Websites Spread (and Debunk) Online Rumors, Unverified Claims and Mi...
How News Websites Spread (and Debunk) Online Rumors, Unverified Claims and Mi...
Craig Silverman
 
Future_Radicals_Study_Guide_HIGH_RES
Future_Radicals_Study_Guide_HIGH_RESFuture_Radicals_Study_Guide_HIGH_RES
Future_Radicals_Study_Guide_HIGH_RES
Jenny O'Meara
 
Can You Start An Academic Essay With A Quote
Can You Start An Academic Essay With A QuoteCan You Start An Academic Essay With A Quote
Can You Start An Academic Essay With A Quote
Alicia Galindo
 
ACT Writing Prep How To Write An Argumentative Essay The Pr
ACT Writing Prep How To Write An Argumentative Essay  The PrACT Writing Prep How To Write An Argumentative Essay  The Pr
ACT Writing Prep How To Write An Argumentative Essay The Pr
Tonya Roberts
 
A NSA me segue (e a CIA também!)
A NSA me segue (e a CIA também!)A NSA me segue (e a CIA também!)
A NSA me segue (e a CIA também!)
Anchises Moraes
 
Enlightenment Thinkers Essay. Online assignment writing service.
Enlightenment Thinkers Essay. Online assignment writing service.Enlightenment Thinkers Essay. Online assignment writing service.
Enlightenment Thinkers Essay. Online assignment writing service.
Lisa Long
 
Preparing for a Security Breach
Preparing for a Security BreachPreparing for a Security Breach
Preparing for a Security Breach
AlienVault
 
Thesis Statement Examples For Poetry Essays
Thesis Statement Examples For Poetry EssaysThesis Statement Examples For Poetry Essays
Thesis Statement Examples For Poetry Essays
Takyra Roberts
 
Fiction process
Fiction processFiction process
Fiction process
Sarthak Kathuria
 
Vassilis Galanos - The Luciferian Nature of Information and the Informational...
Vassilis Galanos - The Luciferian Nature of Information and the Informational...Vassilis Galanos - The Luciferian Nature of Information and the Informational...
Vassilis Galanos - The Luciferian Nature of Information and the Informational...
Vassilis Galanos
 
Business School Essays That Made A Difference Hands On Learning 4 All
Business School Essays That Made A Difference Hands On Learning 4 AllBusiness School Essays That Made A Difference Hands On Learning 4 All
Business School Essays That Made A Difference Hands On Learning 4 All
Trina Howard
 
Counterterrorism Model Effectiveness
Counterterrorism Model EffectivenessCounterterrorism Model Effectiveness
Counterterrorism Model Effectiveness
Help With Writing Papers Watertown
 
Cybercrime 1
Cybercrime 1Cybercrime 1
Cybercrime 1
nayakslideshare
 

Similar to Crazy incentives and how they drive security into no man's land (17)

Vannevar Bush Invention Essay In 1945
Vannevar Bush Invention Essay In 1945Vannevar Bush Invention Essay In 1945
Vannevar Bush Invention Essay In 1945
 
Luxury Personalised Stationery Personal Statio
Luxury Personalised Stationery Personal StatioLuxury Personalised Stationery Personal Statio
Luxury Personalised Stationery Personal Statio
 
Persuasive Essay For Birth Control
Persuasive Essay For Birth ControlPersuasive Essay For Birth Control
Persuasive Essay For Birth Control
 
Positive side-effects of misinformation
Positive side-effects of misinformationPositive side-effects of misinformation
Positive side-effects of misinformation
 
How News Websites Spread (and Debunk) Online Rumors, Unverified Claims and Mi...
How News Websites Spread (and Debunk) Online Rumors, Unverified Claims and Mi...How News Websites Spread (and Debunk) Online Rumors, Unverified Claims and Mi...
How News Websites Spread (and Debunk) Online Rumors, Unverified Claims and Mi...
 
Future_Radicals_Study_Guide_HIGH_RES
Future_Radicals_Study_Guide_HIGH_RESFuture_Radicals_Study_Guide_HIGH_RES
Future_Radicals_Study_Guide_HIGH_RES
 
Can You Start An Academic Essay With A Quote
Can You Start An Academic Essay With A QuoteCan You Start An Academic Essay With A Quote
Can You Start An Academic Essay With A Quote
 
ACT Writing Prep How To Write An Argumentative Essay The Pr
ACT Writing Prep How To Write An Argumentative Essay  The PrACT Writing Prep How To Write An Argumentative Essay  The Pr
ACT Writing Prep How To Write An Argumentative Essay The Pr
 
A NSA me segue (e a CIA também!)
A NSA me segue (e a CIA também!)A NSA me segue (e a CIA também!)
A NSA me segue (e a CIA também!)
 
Enlightenment Thinkers Essay. Online assignment writing service.
Enlightenment Thinkers Essay. Online assignment writing service.Enlightenment Thinkers Essay. Online assignment writing service.
Enlightenment Thinkers Essay. Online assignment writing service.
 
Preparing for a Security Breach
Preparing for a Security BreachPreparing for a Security Breach
Preparing for a Security Breach
 
Thesis Statement Examples For Poetry Essays
Thesis Statement Examples For Poetry EssaysThesis Statement Examples For Poetry Essays
Thesis Statement Examples For Poetry Essays
 
Fiction process
Fiction processFiction process
Fiction process
 
Vassilis Galanos - The Luciferian Nature of Information and the Informational...
Vassilis Galanos - The Luciferian Nature of Information and the Informational...Vassilis Galanos - The Luciferian Nature of Information and the Informational...
Vassilis Galanos - The Luciferian Nature of Information and the Informational...
 
Business School Essays That Made A Difference Hands On Learning 4 All
Business School Essays That Made A Difference Hands On Learning 4 AllBusiness School Essays That Made A Difference Hands On Learning 4 All
Business School Essays That Made A Difference Hands On Learning 4 All
 
Counterterrorism Model Effectiveness
Counterterrorism Model EffectivenessCounterterrorism Model Effectiveness
Counterterrorism Model Effectiveness
 
Cybercrime 1
Cybercrime 1Cybercrime 1
Cybercrime 1
 

More from Christian Folini

OWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endOWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy end
Christian Folini
 
Never Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectNever Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP Project
Christian Folini
 
What’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectWhat’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS project
Christian Folini
 
The Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandThe Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in Switzerland
Christian Folini
 
EVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanEVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein Fortsetzungsroman
Christian Folini
 
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetSecuring Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Christian Folini
 
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetExtensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Christian Folini
 
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
Christian Folini
 
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetIntroduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule Set
Christian Folini
 
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3
Christian Folini
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerGedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Christian Folini
 
Medieval Castles and Modern Servers
Medieval Castles and Modern ServersMedieval Castles and Modern Servers
Medieval Castles and Modern Servers
Christian Folini
 
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenE-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der Experten
Christian Folini
 
Black alps 2018-folini-d-dos
Black alps 2018-folini-d-dosBlack alps 2018-folini-d-dos
Black alps 2018-folini-d-dos
Christian Folini
 
Optimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusOptimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX Plus
Christian Folini
 
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017
Christian Folini
 
Introducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetIntroducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule Set
Christian Folini
 
OWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeOWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia Mode
Christian Folini
 

More from Christian Folini (18)

OWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy endOWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy end
 
Never Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP ProjectNever Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP Project
 
What’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS projectWhat’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS project
 
The Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in SwitzerlandThe Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in Switzerland
 
EVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein FortsetzungsromanEVoting in der Schweiz - Ein Fortsetzungsroman
EVoting in der Schweiz - Ein Fortsetzungsroman
 
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule SetSecuring Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
 
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule SetExtensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
 
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
 
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule SetIntroduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule Set
 
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für DatenschützerGedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für Datenschützer
 
Medieval Castles and Modern Servers
Medieval Castles and Modern ServersMedieval Castles and Modern Servers
Medieval Castles and Modern Servers
 
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der ExpertenE-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der Experten
 
Black alps 2018-folini-d-dos
Black alps 2018-folini-d-dosBlack alps 2018-folini-d-dos
Black alps 2018-folini-d-dos
 
Optimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX PlusOptimizing ModSecurity on NGINX and NGINX Plus
Optimizing ModSecurity on NGINX and NGINX Plus
 
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017
 
Introducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule SetIntroducing the OWASP ModSecurity Core Rule Set
Introducing the OWASP ModSecurity Core Rule Set
 
OWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia ModeOWASP ModSecurity Core Rules Paranoia Mode
OWASP ModSecurity Core Rules Paranoia Mode
 

Recently uploaded

Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
Zilliz
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
Kumud Singh
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
Zilliz
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
Quotidiano Piemontese
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
Jason Packer
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
David Brossard
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
Aftab Hussain
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
Matthew Sinclair
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
Zilliz
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Zilliz
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
panagenda
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems S.M.S.A.
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Malak Abu Hammad
 

Recently uploaded (20)

Generating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and MilvusGenerating privacy-protected synthetic data using Secludy and Milvus
Generating privacy-protected synthetic data using Secludy and Milvus
 
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AIMind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Building Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and MilvusBuilding Production Ready Search Pipelines with Spark and Milvus
Building Production Ready Search Pipelines with Spark and Milvus
 
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practicesNational Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
 
Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024Columbus Data & Analytics Wednesdays - June 2024
Columbus Data & Analytics Wednesdays - June 2024
 
OpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - AuthorizationOpenID AuthZEN Interop Read Out - Authorization
OpenID AuthZEN Interop Read Out - Authorization
 
Removing Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software FuzzingRemoving Uninteresting Bytes in Software Fuzzing
Removing Uninteresting Bytes in Software Fuzzing
 
20240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 202420240605 QFM017 Machine Intelligence Reading List May 2024
20240605 QFM017 Machine Intelligence Reading List May 2024
 
Infrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI modelsInfrastructure Challenges in Scaling RAG with Custom AI models
Infrastructure Challenges in Scaling RAG with Custom AI models
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup SlidesProgramming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
 
HCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAUHCL Notes and Domino License Cost Reduction in the World of DLAU
HCL Notes and Domino License Cost Reduction in the World of DLAU
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Uni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdfUni Systems Copilot event_05062024_C.Vlachos.pdf
Uni Systems Copilot event_05062024_C.Vlachos.pdf
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdfUnlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
 

Crazy incentives and how they drive security into no man's land