CF
Uploaded byChristian Folini
9,946 views

OWASP ModSecurity Core Rules Paranoia Mode

The document outlines the core rules and settings for ModSecurity, particularly focusing on the OWASP ModSecurity Core Rule Set (CRS). It discusses the implementation of paranoia levels to manage false positives in security rule applications. Additionally, it highlights plans for future CRS updates and provides various resources and contact information for training on ModSecurity.

Embed presentation

Downloaded 35 times
Christian Folini (@ChrFolini) www.netnea.com Core Rules Paranoia Mode Zurich, June 10, 2016
WAF SETUPS Naïve • Overwhelmed • Functional
MODSEC Embedded • Rule-Oriented • Granular Control
RULE CONCEPTS Whitelisting • Blacklisting • Positive • Negative
xkcd: #327
Anomaly Scoring Adjustable Limit • False Positives
OWASP ModSecurity Core Rule Set Paranoia Mode : Basic Idea • Assign Rules According to False Positive Rate • Add Strict Siblings to Existing Rules • Introduce Paranoia Levels 1-4
Restricted SQL Chars CRS 2.2.9 : Rule ID 981173 ARGS_NAMES|ARGS|XML:/* "([~!@#$%^&*()-+={}[]|:;"'´’‘`<>].*?){5,}"
Restricted SQL Chars CRS 3.0.0dev : Rule ID 942430pp Paranoia Level 1: no limit Paranoia Level 2: limit 12 ID 942430 Paranoia Level 3: limit 6 ID 942431 Paranoia Level 4: limit 2 ID 942432
Hex Encodings : 0x[0-9a-f] Plan for CRS 3.0.0dev (Rule ID 942450) Paranoia 1: REQUEST_COOKIES_NAMES Paranoia 2: REQUEST_COOKIES
PHP Function Names in CRS 3.0.0dev by Walter Hop lifeforms.nl
Settings Matrix HIGH LOW LOW HIGH Anomaly Limit Paranoia Level Easing in Standard SITE Are you nuts? High Security
Photo Sources (all licensed via Creative Commons or in the public domain) • Discovery: https://www.flickr.com/photos/flowtastic/13385797723 (by Florian F. / Flowtography) • Watch: https://www.flickr.com/photos/billadler/391674817 (by Bill Adler) • Bamboozled: Hopefully public domain • xkcd: Little Bobby Tables: https://xkcd.com/327/ (by Randall Munroe) • Star Wars Limbo: https://www.flickr.com/photos/jdhancock/3605011903 (by JD Hancock) Christian Folini / @ChrFolini • christian.folini@netnea.com • https://www.netnea.com • https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0.0-rc1
ModSecurity Course The Key to ModSecurity and the OWASP ModSecurity Core Rules with Christian Folini (@ChrFolini) London 22-23 Sep 2016 https://www.feistyduck.com/training/modsecurity (Local trainings available on request: training@feistyduck.com)

More Related Content

PPTX
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
byNGINX, Inc.
 
PDF
스프링 시큐리티 구조 이해
bybeom kyun choi
 
PDF
Same Origin Method Execution (BlackHat EU2014)
byBen Hayak
 
PDF
BugBounty Tips.pdf
byKhaledMohamed767546
 
PDF
Python. Объектно-ориентированное программирование
byTheoretical mechanics department
 
PPTX
A topology of memory leaks on the JVM
byRafael Winterhalter
 
PDF
Discover You Latent Food Graph with this 1 Weird Trick
byGrubhubTech
 
PPTX
OCJP Samples Questions: Exceptions and assertions
byHari kiran G
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA (Updated)
byNGINX, Inc.
 
스프링 시큐리티 구조 이해
bybeom kyun choi
 
Same Origin Method Execution (BlackHat EU2014)
byBen Hayak
 
BugBounty Tips.pdf
byKhaledMohamed767546
 
Python. Объектно-ориентированное программирование
byTheoretical mechanics department
 
A topology of memory leaks on the JVM
byRafael Winterhalter
 
Discover You Latent Food Graph with this 1 Weird Trick
byGrubhubTech
 
OCJP Samples Questions: Exceptions and assertions
byHari kiran G
 

What's hot

PPTX
Hunting for APT in network logs workshop presentation
byOlehLevytskyi1
 
PPTX
스프링 어플리케이션의 문제해결사례와 안티패턴
bySanghyuk Jung
 
PDF
DVGA writeup
byYu Iwama
 
PPTX
The OWASP Zed Attack Proxy
byAditya Gupta
 
PDF
XSS Magic tricks
byGarethHeyes
 
PDF
Just-In-Time Compiler in PHP 8
byNikita Popov
 
PPTX
Chaos Engineering for PCF
byVMware Tanzu
 
PDF
JSON with C++ & C#
byGyeongwook Choi
 
PPTX
Intro to Pentesting Jenkins
byBrian Hysell
 
PDF
Suricata: A Decade Under the Influence (of packet sniffing)
byJason Williams
 
PPTX
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
byAugust Detlefsen
 
PDF
2021 ZAP Automation in CI/CD
bySimon Bennetts
 
PDF
Owasp zap
byColdFusionConference
 
PDF
Bug Bounty Hunter Tools.pdf
byinfosec train
 
PPTX
Créer et gérer une scratch org avec Visual Studio Code
byThierry TROUIN ☁
 
PDF
Baekjoon Online Judge 1019번 풀이
byBaekjoon Choi
 
PPTX
OWASP Zed Attack Proxy
byFadi Abdulwahab
 
PDF
Spring 3.1에서 ehcache 활용 전략
by흥래 김
 
PDF
Web Uygulama Güvenliği Ve Güvenli Kod Geliştirme Eğitim Notlarım
byNur Yesilyurt
 
PDF
Curso de Java #09 - Estruturas Condicionais (Parte 1)
byCurso em Vídeo - Cursos Grátis com Certificado
 
Hunting for APT in network logs workshop presentation
byOlehLevytskyi1
 
스프링 어플리케이션의 문제해결사례와 안티패턴
bySanghyuk Jung
 
DVGA writeup
byYu Iwama
 
The OWASP Zed Attack Proxy
byAditya Gupta
 
XSS Magic tricks
byGarethHeyes
 
Just-In-Time Compiler in PHP 8
byNikita Popov
 
Chaos Engineering for PCF
byVMware Tanzu
 
JSON with C++ & C#
byGyeongwook Choi
 
Intro to Pentesting Jenkins
byBrian Hysell
 
Suricata: A Decade Under the Influence (of packet sniffing)
byJason Williams
 
Cusomizing Burp Suite - Getting the Most out of Burp Extensions
byAugust Detlefsen
 
2021 ZAP Automation in CI/CD
bySimon Bennetts
 
Owasp zap
byColdFusionConference
 
Bug Bounty Hunter Tools.pdf
byinfosec train
 
Créer et gérer une scratch org avec Visual Studio Code
byThierry TROUIN ☁
 
Baekjoon Online Judge 1019번 풀이
byBaekjoon Choi
 
OWASP Zed Attack Proxy
byFadi Abdulwahab
 
Spring 3.1에서 ehcache 활용 전략
by흥래 김
 
Web Uygulama Güvenliği Ve Güvenli Kod Geliştirme Eğitim Notlarım
byNur Yesilyurt
 
Curso de Java #09 - Estruturas Condicionais (Parte 1)
byCurso em Vídeo - Cursos Grátis com Certificado
 

Viewers also liked

PDF
Breaking Bad CSP
byLukas Weichselbaum
 
PDF
Introduction to Mod security session April 2016
byRahul
 
PDF
Rainbow Over the Windows: More Colors Than You Could Expect
byPeter Hlavaty
 
PDF
Mod Security
byAbhishek Singh
 
PDF
Bypassing Web Application Firewalls
byOWASP (Open Web Application Security Project)
 
PDF
Protecting TYPO3 With Suhosin And Modsecurity
byXavier Perseguers
 
PPT
Paranoia Doll
byHelga
 
PPTX
WAF in Scale
byAlexey Sintsov
 
KEY
mod_security introduction at study2study #3
byNaoya Nakazawa
 
PPTX
Apache mod security 3.1
byHai Dinh Tuan
 
PDF
Web Intrusion Detection
byAbhishek Singh
 
PDF
Social Media Risk Metrics
byIftach Ian Amit
 
Breaking Bad CSP
byLukas Weichselbaum
 
Introduction to Mod security session April 2016
byRahul
 
Rainbow Over the Windows: More Colors Than You Could Expect
byPeter Hlavaty
 
Mod Security
byAbhishek Singh
 
Bypassing Web Application Firewalls
byOWASP (Open Web Application Security Project)
 
Protecting TYPO3 With Suhosin And Modsecurity
byXavier Perseguers
 
Paranoia Doll
byHelga
 
WAF in Scale
byAlexey Sintsov
 
mod_security introduction at study2study #3
byNaoya Nakazawa
 
Apache mod security 3.1
byHai Dinh Tuan
 
Web Intrusion Detection
byAbhishek Singh
 
Social Media Risk Metrics
byIftach Ian Amit
 

Similar to OWASP ModSecurity Core Rules Paranoia Mode

PDF
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
byChristian Folini
 
PDF
Introducing the OWASP ModSecurity Core Rule Set
byChristian Folini
 
PPTX
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
byNGINX, Inc.
 
PPTX
ModSecurity and NGINX: Tuning the OWASP Core Rule Set
byNGINX, Inc.
 
PDF
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
byNGINX, Inc.
 
PDF
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
byJosephTesta9
 
PDF
Introduction to ModSecurity and the OWASP Core Rule Set
byChristian Folini
 
PDF
Folini Extended Introduction to ModSecurity and CRS3
byChristian Folini
 
Extensive Introduction to ModSecurity and the OWASP Core Rule Set
byChristian Folini
 
Introducing the OWASP ModSecurity Core Rule Set
byChristian Folini
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set (Updated)
byNGINX, Inc.
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set
byNGINX, Inc.
 
ModSecurity and NGINX: Tuning the OWASP Core Rule Set - EMEA
byNGINX, Inc.
 
BSides Rochester 2018: Chaim Sanders: Easily Deploying and Optimizing Open So...
byJosephTesta9
 
Introduction to ModSecurity and the OWASP Core Rule Set
byChristian Folini
 
Folini Extended Introduction to ModSecurity and CRS3
byChristian Folini
 

More from Christian Folini

PDF
Optimizing ModSecurity on NGINX and NGINX Plus
byChristian Folini
 
PDF
What’s new in CRS4? An Update from the OWASP CRS project
byChristian Folini
 
PDF
Using a WAF to Make the Life of Bug Bounty Hunters Miserable
byChristian Folini
 
PDF
Crazy incentives and how they drive security into no man's land
byChristian Folini
 
PDF
OWASP ModSecurity - A few plot twists and what feels like a happy end
byChristian Folini
 
PDF
The Adventurous Tale of Online Voting in Switzerland
byChristian Folini
 
PDF
Crazy Incentives and How They Kill Security. How Do You Turn the Wheel?
byChristian Folini
 
PDF
Black alps 2018-folini-d-dos
byChristian Folini
 
PDF
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
byChristian Folini
 
PDF
Never Walk Alone - Inspirations from a Growing OWASP Project
byChristian Folini
 
PDF
EVoting in der Schweiz - Ein Fortsetzungsroman
byChristian Folini
 
PDF
E-Voting, die Sicherheit und die Rolle der Experten
byChristian Folini
 
PDF
Medieval Castles and Modern Servers
byChristian Folini
 
PDF
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
byChristian Folini
 
PDF
A General Look at the State of Security - AFCEA 2017
byChristian Folini
 
PDF
Gedanken zur elektronischen Stimmabgabe für Datenschützer
byChristian Folini
 
Optimizing ModSecurity on NGINX and NGINX Plus
byChristian Folini
 
What’s new in CRS4? An Update from the OWASP CRS project
byChristian Folini
 
Using a WAF to Make the Life of Bug Bounty Hunters Miserable
byChristian Folini
 
Crazy incentives and how they drive security into no man's land
byChristian Folini
 
OWASP ModSecurity - A few plot twists and what feels like a happy end
byChristian Folini
 
The Adventurous Tale of Online Voting in Switzerland
byChristian Folini
 
Crazy Incentives and How They Kill Security. How Do You Turn the Wheel?
byChristian Folini
 
Black alps 2018-folini-d-dos
byChristian Folini
 
Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set
byChristian Folini
 
Never Walk Alone - Inspirations from a Growing OWASP Project
byChristian Folini
 
EVoting in der Schweiz - Ein Fortsetzungsroman
byChristian Folini
 
E-Voting, die Sicherheit und die Rolle der Experten
byChristian Folini
 
Medieval Castles and Modern Servers
byChristian Folini
 
The Adventurous Tale of Online Voting in Switzerland (Usenix Enigma 2021 conf...
byChristian Folini
 
A General Look at the State of Security - AFCEA 2017
byChristian Folini
 
Gedanken zur elektronischen Stimmabgabe für Datenschützer
byChristian Folini
 

Recently uploaded

PPTX
Chapter-9 viruses in infected system.pptx
byfirehiwot8
 
PDF
Exploration of Fault Identification and Automatic Recovery in Cloud-based FPG...
bySatoshi Konno
 
PPTX
Chapter-1[0 handling infected system.pptx
byfirehiwot8
 
PPTX
Hire AI Developers | Agicent Technologies
byriveranicky099
 
PPTX
SaferNet: Simplifying Security with Smart Device Management
bySafernet
 
PDF
Mobile App Accessibility Standards Every Developer Should Know.pdf
bydavidjohansen1597
 
PDF
Using Geolocation Features To Personalize Mobile Apps.pdf
bydavidjohansen1597
 
PDF
What is eSIM - eSIM The Future of Mobile Connectivity.pdf
byContent Swap
 
PDF
Antrophic abuse by GTG-1002 group, cyber attack analysis by MITRE ATLAS and A...
byCarlo Dapino
 
PDF
Is AI Replacing Web Developers or Making Them Smarter.pdf
byNetzila Technologies
 
PDF
ResleekTV Review 2025: Is It the Best IPTV Service? Full Guide & Features
byStream Insight Reviews
 
PDF
Reducing the cost of ownership in e-commerce. Jakub Winkler, Meet Magento Net...
byJakub Winkler
 
PDF
From Technocracy to Data Sovereignty, Open Data and Geospatial Technologies
byFranz-Josef Behr
 
PDF
BELUGA slideshow funny and cool make you laugh
byjoshuaindrei
 
DOCX
How To Safely Buy an Instagram Account (Guide 2025).docx
bycucfuc315
 
PPTX
DISS presentation. pptx mmmmmmmmmmmmmmmmmm
byannamarietotong020
 
PPTX
Mod 2-ICT as the medium for advocacy.pptx
byMelyangIntong
 
Chapter-9 viruses in infected system.pptx
byfirehiwot8
 
Exploration of Fault Identification and Automatic Recovery in Cloud-based FPG...
bySatoshi Konno
 
Chapter-1[0 handling infected system.pptx
byfirehiwot8
 
Hire AI Developers | Agicent Technologies
byriveranicky099
 
SaferNet: Simplifying Security with Smart Device Management
bySafernet
 
Mobile App Accessibility Standards Every Developer Should Know.pdf
bydavidjohansen1597
 
Using Geolocation Features To Personalize Mobile Apps.pdf
bydavidjohansen1597
 
What is eSIM - eSIM The Future of Mobile Connectivity.pdf
byContent Swap
 
Antrophic abuse by GTG-1002 group, cyber attack analysis by MITRE ATLAS and A...
byCarlo Dapino
 
Is AI Replacing Web Developers or Making Them Smarter.pdf
byNetzila Technologies
 
ResleekTV Review 2025: Is It the Best IPTV Service? Full Guide & Features
byStream Insight Reviews
 
Reducing the cost of ownership in e-commerce. Jakub Winkler, Meet Magento Net...
byJakub Winkler
 
From Technocracy to Data Sovereignty, Open Data and Geospatial Technologies
byFranz-Josef Behr
 
BELUGA slideshow funny and cool make you laugh
byjoshuaindrei
 
How To Safely Buy an Instagram Account (Guide 2025).docx
bycucfuc315
 
DISS presentation. pptx mmmmmmmmmmmmmmmmmm
byannamarietotong020
 
Mod 2-ICT as the medium for advocacy.pptx
byMelyangIntong
 

OWASP ModSecurity Core Rules Paranoia Mode

  • 1.
    Christian Folini (@ChrFolini) www.netnea.com CoreRules Paranoia Mode Zurich, June 10, 2016
  • 2.
    WAF SETUPS Naïve •Overwhelmed • Functional
  • 3.
  • 4.
    RULE CONCEPTS Whitelisting •Blacklisting • Positive • Negative
  • 5.
  • 6.
  • 8.
    OWASP ModSecurity CoreRule Set Paranoia Mode : Basic Idea • Assign Rules According to False Positive Rate • Add Strict Siblings to Existing Rules • Introduce Paranoia Levels 1-4
  • 10.
    Restricted SQL Chars CRS2.2.9 : Rule ID 981173 ARGS_NAMES|ARGS|XML:/* "([~!@#$%^&*()-+={}[]|:;"'´’‘`<>].*?){5,}"
  • 11.
    Restricted SQL Chars CRS3.0.0dev : Rule ID 942430pp Paranoia Level 1: no limit Paranoia Level 2: limit 12 ID 942430 Paranoia Level 3: limit 6 ID 942431 Paranoia Level 4: limit 2 ID 942432
  • 12.
    Hex Encodings :0x[0-9a-f] Plan for CRS 3.0.0dev (Rule ID 942450) Paranoia 1: REQUEST_COOKIES_NAMES Paranoia 2: REQUEST_COOKIES
  • 16.
    PHP Function Namesin CRS 3.0.0dev by Walter Hop lifeforms.nl
  • 20.
    Settings Matrix HIGH LOW LOW HIGH AnomalyLimit Paranoia Level Easing in Standard SITE Are you nuts? High Security
  • 22.
    Photo Sources (all licensedvia Creative Commons or in the public domain) • Discovery: https://www.flickr.com/photos/flowtastic/13385797723 (by Florian F. / Flowtography) • Watch: https://www.flickr.com/photos/billadler/391674817 (by Bill Adler) • Bamboozled: Hopefully public domain • xkcd: Little Bobby Tables: https://xkcd.com/327/ (by Randall Munroe) • Star Wars Limbo: https://www.flickr.com/photos/jdhancock/3605011903 (by JD Hancock) Christian Folini / @ChrFolini • christian.folini@netnea.com • https://www.netnea.com • https://github.com/SpiderLabs/owasp-modsecurity-crs/tree/v3.0.0-rc1
  • 23.
    ModSecurity Course The Keyto ModSecurity and the OWASP ModSecurity Core Rules with Christian Folini (@ChrFolini) London 22-23 Sep 2016 https://www.feistyduck.com/training/modsecurity (Local trainings available on request: training@feistyduck.com)