Introducing the OWASP ModSecurity Core Rule Set
•
0 likes•1,061 views
The CRS is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls that saw a new major release in November 2016 (3.0 -> CRS3). CRS is the 1st line of defense against web application attacks like those summarized in the OWASP Top Ten and all with a minimum of false alerts. This talk demonstrates the installation of the rule set and introduces the most important groups of rules. It covers key concepts like anomaly scoring and thresholds, paranoia levels, stricter siblings and the sampling mode. The important handling of false positives is also covered as well as pre-defined lists of rule exclusions for popular web applications helping to avoid false positives. This presentation was delivered at AppSecEU 2017 in Belfast.
Report
Share
Report
Share
Download to read offline
Recommended
OWASP ModSecurity Core Rules Paranoia Mode
Running ModSecurity with the OWASP ModSecurity Core Rules is hard. A huge wave of false positives drowns sysadmins and logfile servers alike. The upcoming 3.0.0 release of the Core Rules comes with a new paranoia mode. This feature organises the various rules in different paranoia levels. The higher the paranoia level, the more paranoid the rules and the more false positives you will get. However, the default installation gives you a decent security level without too many false positives. This allows for a straight forward ModSecurity setup which is not threatening an existing productive service. Instead you start with a limited set of rules and then you raise the paranoia level step by step to the number that suits the desired security level of your site. In this talk, we will look at the configuration of the paranoia mode. We will look at rules and we will look at ModSecurity defending against popular attack kits at various paranoia levels
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
On demand recording: https://www.nginx.com/resources/webinars/modsecurity-and-nginx-tuning-the-owasp-core-rule-set-emea/
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
Registration URL: https://attendee.gotowebinar.com/register/937771661672757762
Webinar ID: 374-977-347
Staying Sane with Nagios
This document provides tips for maintaining sanity when using Nagios for system monitoring. It recommends starting with global practices like thorough documentation, centralized authentication, and using existing plugins when possible. For small-medium setups, it emphasizes well-structured configuration files and automation. Large installations should consider distributed monitoring, centralized management, and web-based configuration tools. The document warns against over-engineering practices and provides additional resources for learning more about Nagios.
Apache mod security 3.1
The document provides an overview of Apache Mod Security including regular expressions, rules usage, default actions, chained actions, persistent collections, transformation functions, and content validation. It discusses using regular expressions to match strings and define rules. It explains how to set default actions, chain rules together, and use persistent collections to store variables across transactions. Transformation functions and various validation techniques like validating byte ranges, DTDs, schemas, URL encoding, and UTF-8 encoding are also covered.
DansGuardian open source content filtering
DansGuardian is an open source content filtering proxy server that can block offensive, malicious, or time-wasting content. It works by pairing with proxy servers like Squid or TinyProxy to filter web traffic. DansGuardian can be configured to log blocked content, apply user-based or group-based filters, and uses blacklist and whitelist files to determine what content to allow or block. Basic configuration of DansGuardian involves editing configuration files to specify the proxy port and blacklist files, while more advanced options allow regular expression matching and separate filter profiles for different user groups.
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
Title: Running Spark On Mesos
Speaker: Mr. Chris Sidiropoulos (https://linkedin.com/in/chris-sidiropoulos-2a6b156a//)
Date: Tuesday, November 27, 2018
Event: https://meetup.com/Athens-Big-Data/events/256098657/
Crypto policies-2016
This document discusses system-wide crypto policies that were implemented in Fedora to ensure a consistent security level across applications. It aims to address the problem of each application choosing its own crypto settings by default. The approach taken was to define system-wide crypto policy strings and modify applications' configurations to use these default strings. Benefits included reduced administration and support costs. The policies were piloted in Fedora 21 and have since been expanded to cover additional applications. Lessons learned include the need for a smooth transition and that a consistent default security level prevents many crypto-related vulnerabilities. Future plans include including more applications and making the policies universal rather than Fedora-specific.
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
On demand recording: https://www.nginx.com/resources/webinars/modsecurity-and-nginx-tuning-the-owasp-core-rule-set-emea/
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
Recommended
OWASP ModSecurity Core Rules Paranoia Mode
Running ModSecurity with the OWASP ModSecurity Core Rules is hard. A huge wave of false positives drowns sysadmins and logfile servers alike. The upcoming 3.0.0 release of the Core Rules comes with a new paranoia mode. This feature organises the various rules in different paranoia levels. The higher the paranoia level, the more paranoid the rules and the more false positives you will get. However, the default installation gives you a decent security level without too many false positives. This allows for a straight forward ModSecurity setup which is not threatening an existing productive service. Instead you start with a limited set of rules and then you raise the paranoia level step by step to the number that suits the desired security level of your site. In this talk, we will look at the configuration of the paranoia mode. We will look at rules and we will look at ModSecurity defending against popular attack kits at various paranoia levels
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
On demand recording: https://www.nginx.com/resources/webinars/modsecurity-and-nginx-tuning-the-owasp-core-rule-set-emea/
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
Registration URL: https://attendee.gotowebinar.com/register/937771661672757762
Webinar ID: 374-977-347
Staying Sane with Nagios
This document provides tips for maintaining sanity when using Nagios for system monitoring. It recommends starting with global practices like thorough documentation, centralized authentication, and using existing plugins when possible. For small-medium setups, it emphasizes well-structured configuration files and automation. Large installations should consider distributed monitoring, centralized management, and web-based configuration tools. The document warns against over-engineering practices and provides additional resources for learning more about Nagios.
Apache mod security 3.1
The document provides an overview of Apache Mod Security including regular expressions, rules usage, default actions, chained actions, persistent collections, transformation functions, and content validation. It discusses using regular expressions to match strings and define rules. It explains how to set default actions, chain rules together, and use persistent collections to store variables across transactions. Transformation functions and various validation techniques like validating byte ranges, DTDs, schemas, URL encoding, and UTF-8 encoding are also covered.
DansGuardian open source content filtering
DansGuardian is an open source content filtering proxy server that can block offensive, malicious, or time-wasting content. It works by pairing with proxy servers like Squid or TinyProxy to filter web traffic. DansGuardian can be configured to log blocked content, apply user-based or group-based filters, and uses blacklist and whitelist files to determine what content to allow or block. Basic configuration of DansGuardian involves editing configuration files to specify the proxy port and blacklist files, while more advanced options allow regular expression matching and separate filter profiles for different user groups.
15th Athens Big Data Meetup - 1st Talk - Running Spark On Mesos
Title: Running Spark On Mesos
Speaker: Mr. Chris Sidiropoulos (https://linkedin.com/in/chris-sidiropoulos-2a6b156a//)
Date: Tuesday, November 27, 2018
Event: https://meetup.com/Athens-Big-Data/events/256098657/
Crypto policies-2016
This document discusses system-wide crypto policies that were implemented in Fedora to ensure a consistent security level across applications. It aims to address the problem of each application choosing its own crypto settings by default. The approach taken was to define system-wide crypto policy strings and modify applications' configurations to use these default strings. Benefits included reduced administration and support costs. The policies were piloted in Fedora 21 and have since been expanded to cover additional applications. Lessons learned include the need for a smooth transition and that a consistent default security level prevents many crypto-related vulnerabilities. Future plans include including more applications and making the policies universal rather than Fedora-specific.
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
On demand recording: https://www.nginx.com/resources/webinars/modsecurity-and-nginx-tuning-the-owasp-core-rule-set-emea/
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
ModSecurity and NGINX: Tuning the OWASP Core Rule Set
On demand recording: nginx.com/watch-on-demand/?id=modsecurity-and-nginx-tuning-the-owasp-core-rule-set
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
The document provides an overview of ModSecurity and how to install and tune the OWASP Core Rule Set (CRS) for use with NGINX. It discusses what ModSecurity is, the history and key features of the CRS, and how to download, install, and include the CRS rule files in the NGINX configuration. It also covers tuning the CRS to reduce false positives, such as setting a high anomaly threshold and progressively lowering it. Additionally, it mentions performance tuning techniques like disabling the audit log and excluding static files from inspection to improve performance.
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
This document outlines an introduction to ModSecurity and the OWASP Core Rule Set (CRS) presented at a security conference. It discusses what a web application firewall (WAF) and ModSecurity are and how the CRS works. The presentation covers key concepts like rule groups, paranoia levels to control false positives, and anomaly scoring. It also demonstrates installing and configuring ModSecurity and the CRS. The document promotes the CRS as a first line of defense against web attacks and provides resources for additional tutorials, courses, and support.
Optimizing ModSecurity on NGINX and NGINX Plus
Christian Folini gave a presentation on optimizing ModSecurity on NGINX and NGINX Plus. Some key points:
- ModSecurity is an open source web application firewall that provides a rule-based system. The OWASP ModSecurity Core Rule Set (CRS) is the default rule set that blocks over 80% of attacks.
- To use ModSecurity with NGINX, one must compile ModSecurity 3.0 and the ModSecurity NGINX connector module, then compile NGINX with the connector. Alternatively, precompiled binaries are available with NGINX Plus.
- Initial optimization steps include adjusting the anomaly threshold, learning to read logs using aliases, and handling false positives by
2012 S&P Paper Reading Session1
This document summarizes three papers presented at an S&P 2012 security conference session on system security. The first paper proposes a framework to eliminate backdoors from response-computable authentication systems. The second paper discusses replacing the standard program loader with a secure loader to prevent attacks on software-based fault isolation. The third paper presents a technique called ReDebug for finding unpatched code clones in entire OS distributions.
Apache Cloudstack QA Strategy
The document outlines the QA strategy for Apache CloudStack releases. It discusses the goals of continuous integration and validation through automated testing. The QA process includes installation and upgrade validation, new feature testing, regression testing, performance and scalability testing, and security reviews. Future plans include increasing test automation, implementing continuous integration, and standardizing certifications. Community participation is encouraged in QA meetings, IRC sessions, and the developer mailing list.
Automating cloud security - Jonny Griffin
On Tuesday, June 22nd Jonny Griffin, Security Engineer at Working Group Two, gave a presentation at a three day conference at GSMA FASG.
In the last three years, Working Group Two has been developing a DevSecOps framework to ensure their cloud-native mobile core network is secure.
Automating Cloud Security introduces the topics around cloud computing, DevSecOps, cloud-native Security Layers, and how WG2 built a security tool chain that can be leveraged by any organisation.
As security is evolving so is WG2's capabilities for identifying, preventing, and responding to security events in our networks.
Web Application Firewall - Friend of your DevOps Pipeline?
The document discusses how a web application firewall (WAF) like ModSecurity and the OWASP Core Rule Set can be integrated into a DevOps pipeline to provide security. It describes how ModSecurity works to detect attacks and filter requests and responses based on rules. The document advocates making WAF testing and deployment easy for developers through tools that minimize effort like providing templated WAF configurations that can be deployed with infrastructure as code. Challenges around ongoing WAF operations and rule updates are also addressed.
Five Steps to Creating a Secure Hybrid Cloud Architecture
A hybrid Architecture is one of the easiest ways to securely address new application requirements and cloud-first development initiatives. This approach allows you to start small and expand as your requirements change while maintaining a strong security posture. In this session, you will learn the 5 key steps to building a hybrid architecture on AWS using the VM-Series next-generation firewall.
PCI 3.0 and penetration testing
This is a presentation detailing what companies need to do when going for a PCI compliance test. How they can protect their business and further ensure they will pass the test.
WAF In DevOps DevOpsFusion2019
This document discusses implementing a web application firewall (WAF) using ModSecurity and the OWASP Core Rule Set (CRS) as part of a DevOps process. It recommends setting up the WAF using a Docker container for the CRS for fast feedback. This allows detecting attacks like SQL injection and cross-site scripting early before deployment, as well as reducing false positives by testing requested changes to the rule set. The goal is to integrate WAF testing into the development cycle to improve security.
ML13198A410.pdf
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
ML13198A410.pdf
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
ML13198A410.pdf
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The conclusion is that firewalls must be part of a comprehensive security program, as they cannot prevent, detect, or respond to attacks alone.
MongoDB at MapMyFitness
As one of our primary data stores, we utilize MongoDB heavily. Early last year our DevOps lead, Chris Merz, submitted some of our use cases to 10gen (http://www.10gen.com/events) as fodder for a presentation at the MongoDB conference in Boulder. The presentation went well enough at the Boulder conference that 10gen asked him to give it again at San Francisco, Seattle and again in Boulder.
Hopefully there are some nuggets in this deck that can help you in your quest to dominate MongoDB.
How to secure your web applications with NGINX
Your website is probably vulnerable and gonna be hacked one day. Here're 15 ready-to-use tips on how you can make your web applications more secure. How to protect web application from hacker attacks and mitigate DDoS with NGINX web server.
running stable diffusion on android
How to convert Stable Diffusion models to TFLite models so that you can use NNAPI to accelerate them.
Introduction to Mod security session April 2016
ModSecurity is a web application firewall that provides real-time monitoring, logging, and access control for web applications. It acts as a layer between users and web servers to check for and block malicious traffic. ModSecurity uses rules to detect attacks like SQL injection, cross-site scripting, and file inclusion attempts. It can be deployed embedded within Apache or as a separate reverse proxy for additional isolation. The OWASP Core Rule Set provides generic protections against common vulnerabilities. ModSecurity transforms requests to detect attacks and has different rule processing modes.
Application Security
This document discusses various techniques for improving application security, including detecting vulnerabilities through code review, static analysis, and symbolic execution. It also discusses preventing vulnerabilities through code and binary rewriting and sandboxing. Finally, it discusses proving security through formal methods like model checking and theorem proving. Symbolic execution is described as a technique that symbolically executes a program to build constraints that can then be solved to generate new test inputs. Fuzzgrind is presented as a tool that uses symbolic execution and constraint solving to act as an efficient fuzzer.
OWASP ModSecurity - A few plot twists and what feels like a happy end
This is about the history and the future of OWASP ModSecurity. The venerable WAF engine was transferred for OWASP in January 2024. This presentation looks back and presents a project plan moving forward.
Crazy incentives and how they drive security into no man's land
Everybody, Blueteam and Redteam players alike, are driven by incentives. Good incentives persuade us to do the right thing and patch our servers. Bad incentives make us eat unhealthy food and follow stupid security practices.
There is a huge resource problem in the IT industry and especially in the security industry. So you would expect people to pay attention to the existing incentives and th incentives they create with their documentation, their awareness trainings, their security reports, etc.
But reality paints a different picture: Bad incentives all around! We see insane security practices eating valuable time and online trainings annoying users, slowly teaching them to become a brainless zombie whenever they hear the keyword "security".
But it's even worse. I've come across incentives that lure companies into creating bad products and I've seen companies create products that incentivize their customers to waste their time and money.
Sometimes the mechanisms are too strong to fight. But sometimes it takes people like you and me to say NO and stand up for real security!
Follow me on a journey and security will never look the same to you again!
More Related Content
Similar to Introducing the OWASP ModSecurity Core Rule Set
ModSecurity and NGINX: Tuning the OWASP Core Rule Set
On demand recording: nginx.com/watch-on-demand/?id=modsecurity-and-nginx-tuning-the-owasp-core-rule-set
In this webinar we discuss how to install the OWASP Core Rule Set (CRS) with NGINX and ModSecurity, as well as how to tune it. The CRS protects against many types of attack, including SQL Injection (SQLi), Local File Inclusion (LFI), and Remote Code Execution (RCE). Watch this webinar to learn:
- How to install the OWASP Core Rule Set (CRS) with ModSecurity
- About the types of attacks the CRS blocks, such SQLi, RFI, and LFI
- How to tune the CRS to minimize false positives
- What it looks like when ModSecurity blocks an attack (in a live demo), and how to interpret the audit log
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
The document provides an overview of ModSecurity and how to install and tune the OWASP Core Rule Set (CRS) for use with NGINX. It discusses what ModSecurity is, the history and key features of the CRS, and how to download, install, and include the CRS rule files in the NGINX configuration. It also covers tuning the CRS to reduce false positives, such as setting a high anomaly threshold and progressively lowering it. Additionally, it mentions performance tuning techniques like disabling the audit log and excluding static files from inspection to improve performance.
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
This document outlines an introduction to ModSecurity and the OWASP Core Rule Set (CRS) presented at a security conference. It discusses what a web application firewall (WAF) and ModSecurity are and how the CRS works. The presentation covers key concepts like rule groups, paranoia levels to control false positives, and anomaly scoring. It also demonstrates installing and configuring ModSecurity and the CRS. The document promotes the CRS as a first line of defense against web attacks and provides resources for additional tutorials, courses, and support.
Optimizing ModSecurity on NGINX and NGINX Plus
Christian Folini gave a presentation on optimizing ModSecurity on NGINX and NGINX Plus. Some key points:
- ModSecurity is an open source web application firewall that provides a rule-based system. The OWASP ModSecurity Core Rule Set (CRS) is the default rule set that blocks over 80% of attacks.
- To use ModSecurity with NGINX, one must compile ModSecurity 3.0 and the ModSecurity NGINX connector module, then compile NGINX with the connector. Alternatively, precompiled binaries are available with NGINX Plus.
- Initial optimization steps include adjusting the anomaly threshold, learning to read logs using aliases, and handling false positives by
2012 S&P Paper Reading Session1
This document summarizes three papers presented at an S&P 2012 security conference session on system security. The first paper proposes a framework to eliminate backdoors from response-computable authentication systems. The second paper discusses replacing the standard program loader with a secure loader to prevent attacks on software-based fault isolation. The third paper presents a technique called ReDebug for finding unpatched code clones in entire OS distributions.
Apache Cloudstack QA Strategy
The document outlines the QA strategy for Apache CloudStack releases. It discusses the goals of continuous integration and validation through automated testing. The QA process includes installation and upgrade validation, new feature testing, regression testing, performance and scalability testing, and security reviews. Future plans include increasing test automation, implementing continuous integration, and standardizing certifications. Community participation is encouraged in QA meetings, IRC sessions, and the developer mailing list.
Automating cloud security - Jonny Griffin
On Tuesday, June 22nd Jonny Griffin, Security Engineer at Working Group Two, gave a presentation at a three day conference at GSMA FASG.
In the last three years, Working Group Two has been developing a DevSecOps framework to ensure their cloud-native mobile core network is secure.
Automating Cloud Security introduces the topics around cloud computing, DevSecOps, cloud-native Security Layers, and how WG2 built a security tool chain that can be leveraged by any organisation.
As security is evolving so is WG2's capabilities for identifying, preventing, and responding to security events in our networks.
Web Application Firewall - Friend of your DevOps Pipeline?
The document discusses how a web application firewall (WAF) like ModSecurity and the OWASP Core Rule Set can be integrated into a DevOps pipeline to provide security. It describes how ModSecurity works to detect attacks and filter requests and responses based on rules. The document advocates making WAF testing and deployment easy for developers through tools that minimize effort like providing templated WAF configurations that can be deployed with infrastructure as code. Challenges around ongoing WAF operations and rule updates are also addressed.
Five Steps to Creating a Secure Hybrid Cloud Architecture
A hybrid Architecture is one of the easiest ways to securely address new application requirements and cloud-first development initiatives. This approach allows you to start small and expand as your requirements change while maintaining a strong security posture. In this session, you will learn the 5 key steps to building a hybrid architecture on AWS using the VM-Series next-generation firewall.
PCI 3.0 and penetration testing
This is a presentation detailing what companies need to do when going for a PCI compliance test. How they can protect their business and further ensure they will pass the test.
WAF In DevOps DevOpsFusion2019
This document discusses implementing a web application firewall (WAF) using ModSecurity and the OWASP Core Rule Set (CRS) as part of a DevOps process. It recommends setting up the WAF using a Docker container for the CRS for fast feedback. This allows detecting attacks like SQL injection and cross-site scripting early before deployment, as well as reducing false positives by testing requested changes to the rule set. The goal is to integrate WAF testing into the development cycle to improve security.
ML13198A410.pdf
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
ML13198A410.pdf
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The key point is that while firewalls provide some security, a holistic security program is needed to fully prevent, detect, and respond to threats.
ML13198A410.pdf
This presentation provides an overview of firewalls and their limitations. It discusses how firewalls are designed to control data flows but have hardware, memory, time, and logic constraints. The presentation then demonstrates common attack techniques like impersonation and session hijacking that can bypass firewalls. It shows how easily available hacking tools allow attacks to be performed with little skill or effort. The conclusion is that firewalls must be part of a comprehensive security program, as they cannot prevent, detect, or respond to attacks alone.
MongoDB at MapMyFitness
As one of our primary data stores, we utilize MongoDB heavily. Early last year our DevOps lead, Chris Merz, submitted some of our use cases to 10gen (http://www.10gen.com/events) as fodder for a presentation at the MongoDB conference in Boulder. The presentation went well enough at the Boulder conference that 10gen asked him to give it again at San Francisco, Seattle and again in Boulder.
Hopefully there are some nuggets in this deck that can help you in your quest to dominate MongoDB.
How to secure your web applications with NGINX
Your website is probably vulnerable and gonna be hacked one day. Here're 15 ready-to-use tips on how you can make your web applications more secure. How to protect web application from hacker attacks and mitigate DDoS with NGINX web server.
running stable diffusion on android
How to convert Stable Diffusion models to TFLite models so that you can use NNAPI to accelerate them.
Introduction to Mod security session April 2016
ModSecurity is a web application firewall that provides real-time monitoring, logging, and access control for web applications. It acts as a layer between users and web servers to check for and block malicious traffic. ModSecurity uses rules to detect attacks like SQL injection, cross-site scripting, and file inclusion attempts. It can be deployed embedded within Apache or as a separate reverse proxy for additional isolation. The OWASP Core Rule Set provides generic protections against common vulnerabilities. ModSecurity transforms requests to detect attacks and has different rule processing modes.
Application Security
This document discusses various techniques for improving application security, including detecting vulnerabilities through code review, static analysis, and symbolic execution. It also discusses preventing vulnerabilities through code and binary rewriting and sandboxing. Finally, it discusses proving security through formal methods like model checking and theorem proving. Symbolic execution is described as a technique that symbolically executes a program to build constraints that can then be solved to generate new test inputs. Fuzzgrind is presented as a tool that uses symbolic execution and constraint solving to act as an efficient fuzzer.
Similar to Introducing the OWASP ModSecurity Core Rule Set (20)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set
ModSecurity and NGINX: Tuning the OWASP Core Rule Set
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
Web Application Firewall - Friend of your DevOps Pipeline?
Web Application Firewall - Friend of your DevOps Pipeline?
Five Steps to Creating a Secure Hybrid Cloud Architecture
Five Steps to Creating a Secure Hybrid Cloud Architecture
More from Christian Folini
OWASP ModSecurity - A few plot twists and what feels like a happy end
This is about the history and the future of OWASP ModSecurity. The venerable WAF engine was transferred for OWASP in January 2024. This presentation looks back and presents a project plan moving forward.
Crazy incentives and how they drive security into no man's land
Everybody, Blueteam and Redteam players alike, are driven by incentives. Good incentives persuade us to do the right thing and patch our servers. Bad incentives make us eat unhealthy food and follow stupid security practices.
There is a huge resource problem in the IT industry and especially in the security industry. So you would expect people to pay attention to the existing incentives and th incentives they create with their documentation, their awareness trainings, their security reports, etc.
But reality paints a different picture: Bad incentives all around! We see insane security practices eating valuable time and online trainings annoying users, slowly teaching them to become a brainless zombie whenever they hear the keyword "security".
But it's even worse. I've come across incentives that lure companies into creating bad products and I've seen companies create products that incentivize their customers to waste their time and money.
Sometimes the mechanisms are too strong to fight. But sometimes it takes people like you and me to say NO and stand up for real security!
Follow me on a journey and security will never look the same to you again!
Never Walk Alone - Inspirations from a Growing OWASP Project
The OWASP ModSecurity Core Rule Set (CRS) was a dormant project, when a group of three developers picked it up in 2016. Today, this open source web application firewall project counts 14 active developers, annual sponsoring of over 40K USD and the rules run on over 100Tbit/s. This presentation explains how the new management took over the project and developed it in three key areas: (1) the code, (2) the developers and (3) the users and partners. The growth of OWASP CRS serves as an example how you can grow and mature your project too.
What’s new in CRS4? An Update from the OWASP CRS project
Christian Folini presented news and updates about the OWASP ModSecurity Core Rule Set (CRS) project. Some key points included:
- Trustwave announced end of life for their ModSecurity product and a new open source WAF engine called Coraza.
- The CRS documentation was overhauled and a sandbox and private bug bounty program were launched.
- Major changes in CRS v4 include a plugins architecture, early blocking, configurable reporting levels and removing PCRE dependency.
- New rules are being added around SSRF, email protocols, Log4Shell, webshell detection and improved RCE and SQLi detection.
- The CRS v4 release was delayed to fix issues
The Adventurous Tale of Online Voting in Switzerland
Overview over 20 years of online voting in Switzerland, including publication of source code in 2019, collection of signatures for referendum, scientific dialogue, public consultation for new regulation and some bold predictions about the future.
EVoting in der Schweiz - Ein Fortsetzungsroman
Historischer Ueberblick über 20 Jahre E-Voting in der Schweiz mit Schwerpunkten auf Entwicklungen im Jahr 2019, wissenschaftlicher Dialog 2020 und Vernehmlassung zur neuen Regulierung 2021.
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
This presentation from #RomHack2021 introduces the OWASP ModSecurity Core Rule Set Web Application Firewall (CRS). It then introduces the 20 years history of Internet Voting in Switzerland and then explains how the Swiss Post system was secured with the help of OWASP CRS. The presentation links several resources including government reports and an important tuning description by Swiss Post.
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Swiss tale with online voting serves as a typical example of the iterative development of highly critical IT systems and the growing involvement of scientists as a necessary step for a government that is willing to learn from past mistakes.
Switzerland has been experimenting with online voting for over 15 years. Several generations of electronic voting systems have been implemented and almost all of them died along the way because of their profound security problems or when the money ran out.
In 2019, Swiss Post published the source code of its online voting system, the last system that was still in the race. Several highly critical findings were discovered in a matter of weeks and the system was stopped right before the national elections.
In 2020, the government rebooted the process and invited two dozen international researchers into an intense dialogue that lasted several months. The resulting report is the base for the renewed regulation that will pave the way forward in 2021.
Introduction to ModSecurity and the OWASP Core Rule Set
This document discusses ModSecurity and the OWASP Core Rule Set (CRS). ModSecurity is an open source web application firewall that can be embedded into servers. It uses rules to provide granular control over requests and responses. The CRS is a set of generic rules that can block 80% of common web attacks in its default configuration with minimal false positives. It is organized into different rule groups and has different paranoia levels to control security and false positives. The presentation demonstrates how to install and configure ModSecurity and CRS to provide a first line of defense against web application attacks.
Folini Extended Introduction to ModSecurity and CRS3
This document provides an introduction to ModSecurity and the OWASP Core Rule Set (CRS) presented by Christian Folini. The presentation covers what a web application firewall (WAF) and ModSecurity are, an overview of the CRS including rule groups and paranoia levels, how to install and configure ModSecurity with the CRS, and handling false positives. The goal of ModSecurity and CRS is to provide a first line of defense against web application attacks and block around 80% of attacks with minimal false positives in the default installation.
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Verschiedene Gedanken zum Thema E-Voting und zur Sicherheit der verschiedenen Abstimmungs- und Wahlkanäle der Schweiz.
Medieval Castles and Modern Servers
We have been building castles and fortifications for thousands of years. Many of them were never breached. IT security, on the other hand, is a very young discipline where defense mechanisms have not really stood the test of time and breaches are happening every day.
Looking at historical defense techniques and fortress architectures can therefore serve as an inspiration for strong IT security architectures. This presentation looks at agile and flexible defenses, layered security and whitelisting. None of these concepts are entirely new to the IT security industry. But implementations usually stop with the buzzword or at the network level. This talk brings evidence for the effectiveness of the concepts across the centuries and hopes to help them achieve a breakthrough on all levels.
Furthermore, the talk educates the audience about medieval castles and how the metaphor can be put to use when explaining complicated IT security concepts to non-technical audiences. Again, the metaphor is not new, but people are usually only scratching the surface when they talk of medieval castles and modern servers.
E-Voting, die Sicherheit und die Rolle der Experten
- Warum macht E-Voting bei aller Skepsis Sinn?
- Wie können wir es absichern?
- Was kann jede und jeder beitragen, um es sicher zu machen?
Black alps 2018-folini-d-dos
- Trend I: DDoS attacks are increasing in size over time
- Trend II: More attacks are targeting applications instead of just bandwidth or servers
- Trend III: Increased encryption makes defense against DDoS attacks more difficult
- CDNs like Cloudflare play a large role in defending against DDoS attacks and their infrastructure controls much of the internet
- Using local route announcements could guarantee better geographic blocking of attacks but risks balkanizing the internet
- Nation states may fail to protect internet traffic that moves outside their jurisdictions
A General Look at the State of Security - AFCEA 2017
Overview presentation for the participants of the AFCEA Hack conference within AFCEA TechNet 2017 in Stockholm, October 10, 2017.
The overview covers the topics dependency / complexity / interoperability, online crime, digitalisation, spear phishing, manipulation, internet of things, and denial of service.
More from Christian Folini (15)
OWASP ModSecurity - A few plot twists and what feels like a happy end
OWASP ModSecurity - A few plot twists and what feels like a happy end
Crazy incentives and how they drive security into no man's land
Crazy incentives and how they drive security into no man's land
Never Walk Alone - Inspirations from a Growing OWASP Project
Never Walk Alone - Inspirations from a Growing OWASP Project
What’s new in CRS4? An Update from the OWASP CRS project
What’s new in CRS4? An Update from the OWASP CRS project
The Adventurous Tale of Online Voting in Switzerland
The Adventurous Tale of Online Voting in Switzerland
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
Introduction to ModSecurity and the OWASP Core Rule Set
Introduction to ModSecurity and the OWASP Core Rule Set
Folini Extended Introduction to ModSecurity and CRS3
Folini Extended Introduction to ModSecurity and CRS3
Gedanken zur elektronischen Stimmabgabe für Datenschützer
Gedanken zur elektronischen Stimmabgabe für Datenschützer
E-Voting, die Sicherheit und die Rolle der Experten
E-Voting, die Sicherheit und die Rolle der Experten
A General Look at the State of Security - AFCEA 2017
A General Look at the State of Security - AFCEA 2017
Recently uploaded
快速办理(Vic毕业证书)惠灵顿维多利亚大学毕业证完成信一模一样
学校原件一模一样【微信:741003700 】《(Vic毕业证书)惠灵顿维多利亚大学毕业证》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
HijackLoader Evolution: Interactive Process Hollowing
CrowdStrike researchers have identified a HijackLoader (aka IDAT Loader) sample that employs sophisticated evasion techniques to enhance the complexity of the threat. HijackLoader, an increasingly popular tool among adversaries for deploying additional payloads and tooling, continues to evolve as its developers experiment and enhance its capabilities.
In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. The malware developer used a standard process hollowing technique coupled with an additional trigger that was activated by the parent process writing to a pipe. This new approach, called "Interactive Process Hollowing", has the potential to make defense evasion stealthier.
Should Repositories Participate in the Fediverse?
Presentation for OR2024 making the case that repositories could play a part in the "fediverse" of distributed social applications
办理新西兰奥克兰大学毕业证学位证书范本原版一模一样
原版一模一样【微信:741003700 】【新西兰奥克兰大学毕业证学位证书】【微信:741003700 】学位证,留信认证(真实可查,永久存档)offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原海外各大学 Bachelor Diploma degree, Master Degree Diploma
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
Discover the benefits of outsourcing SEO to India
"Discover the benefits of outsourcing SEO to India! From cost-effective services and expert professionals to round-the-clock work advantages, learn how your business can achieve digital success with Indian SEO solutions.
Bengaluru Dreamin' 24 - Personal Branding
Session on Personal Branding presented at Bengaluru Dreamin
怎么办理(umiami毕业证书)美国迈阿密大学毕业证文凭证书实拍图原版一模一样
原版定制【微信:bwp0011】《(umiami毕业证书)美国迈阿密大学毕业证文凭证书》【微信:bwp0011】成绩单 、雅思、外壳、留信学历认证永久存档查询,采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信bwp0011】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信bwp0011】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Adli Wahid, Senior Internet Security Specialist at APNIC, delivered a presentation titled 'Honeypots Unveiled: Proactive Defense Tactics for Cyber Security' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
快速办理(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书一模一样
学校原件一模一样【微信:741003700 】《(新加坡SMU毕业证书)新加坡管理大学毕业证文凭证书》【微信:741003700 】学位证,留信认证(真实可查,永久存档)原件一模一样纸张工艺/offer、雅思、外壳等材料/诚信可靠,可直接看成品样本,帮您解决无法毕业带来的各种难题!外壳,原版制作,诚信可靠,可直接看成品样本。行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备。十五年致力于帮助留学生解决难题,包您满意。
本公司拥有海外各大学样板无数,能完美还原。
1:1完美还原海外各大学毕业材料上的工艺:水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠。文字图案浮雕、激光镭射、紫外荧光、温感、复印防伪等防伪工艺。材料咨询办理、认证咨询办理请加学历顾问Q/微741003700
【主营项目】
一.毕业证【q微741003700】成绩单、使馆认证、教育部认证、雅思托福成绩单、学生卡等!
二.真实使馆公证(即留学回国人员证明,不成功不收费)
三.真实教育部学历学位认证(教育部存档!教育部留服网站永久可查)
四.办理各国各大学文凭(一对一专业服务,可全程监控跟踪进度)
如果您处于以下几种情况:
◇在校期间,因各种原因未能顺利毕业……拿不到官方毕业证【q/微741003700】
◇面对父母的压力,希望尽快拿到;
◇不清楚认证流程以及材料该如何准备;
◇回国时间很长,忘记办理;
◇回国马上就要找工作,办给用人单位看;
◇企事业单位必须要求办理的
◇需要报考公务员、购买免税车、落转户口
◇申请留学生创业基金
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
一比一原版新西兰林肯大学毕业证(Lincoln毕业证书)学历如何办理
原版办【微信号:95270640】【新西兰林肯大学毕业证(Lincoln毕业证书)】【微信号:95270640】《成绩单、外壳、雅思、offer、真实留信官方学历认证(永久存档/真实可查)》采用学校原版纸张、特殊工艺完全按照原版一比一制作(包括:隐形水印,阴影底纹,钢印LOGO烫金烫银,LOGO烫金烫银复合重叠,文字图案浮雕,激光镭射,紫外荧光,温感,复印防伪)行业标杆!精益求精,诚心合作,真诚制作!多年品质 ,按需精细制作,24小时接单,全套进口原装设备,十五年致力于帮助留学生解决难题,业务范围有加拿大、英国、澳洲、韩国、美国、新加坡,新西兰等学历材料,包您满意。
【我们承诺采用的是学校原版纸张(纸质、底色、纹路)我们拥有全套进口原装设备,特殊工艺都是采用不同机器制作,仿真度基本可以达到100%,所有工艺效果都可提前给客户展示,不满意可以根据客户要求进行调整,直到满意为止!】
【业务选择办理准则】
一、工作未确定,回国需先给父母、亲戚朋友看下文凭的情况,办理一份就读学校的毕业证【微信号95270640】文凭即可
二、回国进私企、外企、自己做生意的情况,这些单位是不查询毕业证真伪的,而且国内没有渠道去查询国外文凭的真假,也不需要提供真实教育部认证。鉴于此,办理一份毕业证【微信号95270640】即可
三、进国企,银行,事业单位,考公务员等等,这些单位是必需要提供真实教育部认证的,办理教育部认证所需资料众多且烦琐,所有材料您都必须提供原件,我们凭借丰富的经验,快捷的绿色通道帮您快速整合材料,让您少走弯路。
留信网认证的作用:
1:该专业认证可证明留学生真实身份
2:同时对留学生所学专业登记给予评定
3:国家专业人才认证中心颁发入库证书
4:这个认证书并且可以归档倒地方
5:凡事获得留信网入网的信息将会逐步更新到个人身份内,将在公安局网内查询个人身份证信息后,同步读取人才网入库信息
6:个人职称评审加20分
7:个人信誉贷款加10分
8:在国家人才网主办的国家网络招聘大会中纳入资料,供国家高端企业选择人才
留信网服务项目:
1、留学生专业人才库服务(留信分析)
2、国(境)学习人员提供就业推荐信服务
3、留学人员区块链存储服务
【关于价格问题(保证一手价格)】
我们所定的价格是非常合理的,而且我们现在做得单子大多数都是代理和回头客户介绍的所以一般现在有新的单子 我给客户的都是第一手的代理价格,因为我想坦诚对待大家 不想跟大家在价格方面浪费时间
对于老客户或者被老客户介绍过来的朋友,我们都会适当给一些优惠。
选择实体注册公司办理,更放心,更安全!我们的承诺:客户在留信官方认证查询网站查询到认证通过结果后付款,不成功不收费!
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Md. Zobair Khan,
Network Analyst and Technical Trainer at APNIC, presented 'Securing BGP: Operational Strategies and Best Practices for Network Defenders' at the Phoenix Summit held in Dhaka, Bangladesh from 23 to 24 May 2024.
一比一原版(USYD毕业证)悉尼大学毕业证如何办理
USYD硕士毕业证成绩单【微信95270640】《如何办理悉尼大学毕业证认证》【办证Q微信95270640】《悉尼大学文凭毕业证制作》《USYD学历学位证书哪里买》办理悉尼大学学位证书扫描件、办理悉尼大学雅思证书!
国际留学归国服务中心《如何办悉尼大学毕业证认证》《USYD学位证书扫描件哪里买》实体公司,注册经营,行业标杆,精益求精!
如果您是以下情况,我们都能竭诚为您解决实际问题:【公司采用定金+余款的付款流程,以最大化保障您的利益,让您放心无忧】
1、在校期间,因各种原因未能顺利毕业,拿不到官方毕业证+微信95270640
2、面对父母的压力,希望尽快拿到悉尼大学悉尼大学毕业证offer;
3、不清楚流程以及材料该如何准备悉尼大学悉尼大学毕业证offer;
4、回国时间很长,忘记办理;
5、回国马上就要找工作,办给用人单位看;
6、企事业单位必须要求办理的;
面向美国乔治城大学毕业留学生提供以下服务:
【★悉尼大学悉尼大学毕业证offer毕业证、成绩单等全套材料,从防伪到印刷,从水印到钢印烫金,与学校100%相同】
【★真实使馆认证(留学人员回国证明),使馆存档可通过大使馆查询确认】
【★真实教育部认证,教育部存档,教育部留服网站可查】
【★真实留信认证,留信网入库存档,可查悉尼大学悉尼大学毕业证offer】
我们从事工作十余年的有着丰富经验的业务顾问,熟悉海外各国大学的学制及教育体系,并且以挂科生解决毕业材料不全问题为基础,为客户量身定制1对1方案,未能毕业的回国留学生成功搭建回国顺利发展所需的桥梁。我们一直努力以高品质的教育为起点,以诚信、专业、高效、创新作为一切的行动宗旨,始终把“诚信为主、质量为本、客户第一”作为我们全部工作的出发点和归宿点。同时为海内外留学生提供大学毕业证购买、补办成绩单及各类分数修改等服务;归国认证方面,提供《留信网入库》申请、《国外学历学位认证》申请以及真实学籍办理等服务,帮助众多莘莘学子实现了一个又一个梦想。
专业服务,请勿犹豫联系我
如果您真实毕业回国,对于学历认证无从下手,请联系我,我们免费帮您递交
诚招代理:本公司诚聘当地代理人员,如果你有业余时间,或者你有同学朋友需要,有兴趣就请联系我
你赢我赢,共创双赢
你做代理,可以帮助悉尼大学同学朋友
你做代理,可以拯救悉尼大学失足青年
你做代理,可以挽救悉尼大学一个个人才
你做代理,你将是别人人生悉尼大学的转折点
你做代理,可以改变自己,改变他人,给他人和自己一个机会过暑假的小学生快乐的日子总是过得飞快山娃尚未完全认清那几位小朋友时他们却一个接一个地回家了山娃这时才恍然发现二个月的暑假已转到了尽头他的城市生活也将划上一个不很圆满的句号了值得庆幸的是山娃早记下了他们的学校和联系方式说也奇怪在山娃离城的头一天父亲居然请假陪山娃耍了一天那一天父亲陪着山娃辗转长隆水上乐园疯了一整天水上漂流高空冲浪看大马戏大凡里面有的父亲都带着他去疯一把山娃算了算这一次足足花了老爸元很
Recently uploaded (12)
HijackLoader Evolution: Interactive Process Hollowing
HijackLoader Evolution: Interactive Process Hollowing
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Honeypots Unveiled: Proactive Defense Tactics for Cyber Security, Phoenix Sum...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Securing BGP: Operational Strategies and Best Practices for Network Defenders...
Introducing the OWASP ModSecurity Core Rule Set
- 1. Christian Folini / @ChrFolini Introducing the OWASP ModSecurity Core Rule Set 3.0
- 2. Defense in Depth • 1st Line of Defense Seat Belts
- 3. The Plan for Today • Sampling Mode • Handling of False Positives • Predefined Rule Exclusions • Important Groups of Rules • Anomaly Scoring / Thresholds • Paranoia Levels / Stricter Siblings • What is a WAF / what is ModSecurity? • What is the Core Rule Set 3.0 (CRS3) • Installation (Demo) • Burp Research Results
- 4. WAF SETUPS Naïve • Overwhelmed • Functional
- 5. ModSecurity Embedded • Rule-Oriented • Granular Control
- 7. Installation Include in server config (depending on path): Include /etc/httpd/modsec.d/owasp-modsecurity- crs/crs-setup.conf Include /etc/httpd/modsec.d/owasp-modsecurity- crs/rules/*.conf Clone the repository: $> git clone https://github.com/SpiderLabs/owasp-modsecurity-crs Copy the example config: $> cp crs-setup.conf.example crs-setup.conf
- 8. Research based on 4.5M Burp requests.
- 9. Redir.: RFI: LFI: XSS: SQLi: CRS3 Default Install Redir.: RFI: LFI: XSS: SQLi: 0% 0% -100% -82% -100% Research based on 4.5M Burp requests.
- 10. Important Groups of Rules REQUEST-910-IP-REPUTATION.conf REQUEST-911-METHOD-ENFORCEMENT.conf REQUEST-912-DOS-PROTECTION.conf REQUEST-913-SCANNER-DETECTION.conf REQUEST-920-PROTOCOL-ENFORCEMENT.conf REQUEST-921-PROTOCOL-ATTACK.conf REQUEST-930-APPLICATION-ATTACK-LFI.conf REQUEST-931-APPLICATION-ATTACK-RFI.conf REQUEST-932-APPLICATION-ATTACK-RCE.conf REQUEST-933-APPLICATION-ATTACK-PHP.conf REQUEST-941-APPLICATION-ATTACK-XSS.conf REQUEST-942-APPLICATION-ATTACK-SQLI.conf REQUEST-943-APPLICATION-ATTACK-SESS-FIX.conf REQUEST-949-BLOCKING-EVALUATION.conf Rules Targetting the Request
- 11. Important Groups of Rules RESPONSE-950-DATA-LEAKAGES.conf RESPONSE-951-DATA-LEAKAGES-SQL.conf RESPONSE-952-DATA-LEAKAGES-JAVA.conf RESPONSE-953-DATA-LEAKAGES-PHP.conf RESPONSE-954-DATA-LEAKAGES-IIS.conf RESPONSE-959-BLOCKING-EVALUATION.conf Rules Targetting the Response
- 12. Anomaly Scoring Adjustable Limit • Blocking Mode • Iterative Tuning
- 13. Redir.: RFI: LFI: XSS: SQLi: 0% 0% -100% -82% -100% CRS3 Default Install Research based on 4.5M Burp requests.
- 14. Paranoia Levels Paranoia Level 1: Minimal amount of False Positives Basic security Paranoia Level 2: More rules, fair amount of FPs Elevated security level Paranoia Level 3: Specialised rules, more FPs Online banking level security Paranoia Level 4: Insane rules, lots of FPs Nuclear power plant level security
- 15. Paranoia Levels Paranoia Level 1: 31 rules Paranoia Level 2: 7 rules Paranoia Level 3: 1 rule Paranoia Level 4: 4 rules Example: Protocol Enforcement Rules
- 16. Stricter Siblings Paranoia Level 1: Rule 920270: Full ASCII range without null character Paranoia Level 2: Rule 920271: Full visible ASCII range, tab, newline Paranoia Level 3: Rule 920272: Visible lower ASCII range without % Paranoia Level 4: Rule 920273: A-Z a-z 0-9 = - _ . , : & Example: Byte Range Enforcement
- 17. Sampling Mode • Define sampling percentage n • Only n% of requests are funnelled into CRS3 • 100%-n% of requests are unaffected by CRS3 Limit CRS Impact During Proof of Concept
- 18. False Positives • Fight FPs with Rule Exclusions • Follow Tutorials at https://www.netnea.com • Download Cheetsheet from Netnea False Positives will haunt you from PL2
- 19. Predefined Rule Exclusions Currently Supported: • Wordpress (Default install) • Drupal (Core) In the Queue: • Typo3 (Default Install) • Piwik (Default Install) … contributions welcome! Enable Rule Exclusions for Specific Applications
- 20. Roundup CRS3 • 1st Line of Defense against web attacks • Generic set of blacklisting rules for WAFs • Prevents 80% of web attacks with minimal FPs • Gives you granular control on indiv. parameters
- 21. Q&A CRS3 Christian Folini Contact me at: christian.folini@netnea.com @ChrFolini ModSecurity / CRS Tutorials: https://www.netnea.com ModSecurity / CRS Courses: https://feistyduck.co.uk ModSecurity Handbook: https://feistyduck.co.uk Voucher for book (40% of release price): AppSecEU