Difference between revisions of "AppSecEU08 Remo presentation"

From OWASP
Jump to: navigation, search
Line 11: Line 11:
 
'''About the Speaker:''' Christian Folini is an IT consultant based in Switzerland.  
 
'''About the Speaker:''' Christian Folini is an IT consultant based in Switzerland.  
 
His work is mostly focussed on Apache and things related to the architecture of multi-tier web applications.
 
His work is mostly focussed on Apache and things related to the architecture of multi-tier web applications.
Christian Folini works for netnea.com and holds a PhD in medieval history. He is one of the leaders of the Company of St. George.
+
Christian Folini works for [[http://www.netnea.com][netnea.com]] and holds a PhD in medieval history. He is one of the leaders of the Company of St. George.

Revision as of 03:17, 22 May 2008

Remo presentation (Positive ModSecurity rulesets / Input validation)

The most widespread approach to rulesets for ModSecurity and Web Application Firewall in general is to use negative rulesets. That is to defend against patterns of known attacks.

Such a "default permit" strategy is inadequate for network firewalls and it will also be inadequate for application layer defense in the long run.

Remo is a simple rule editor, that writes ModSecurity rules which in turn can be used inside a WAF running ModSecurity.

The speech will introduce black- and whitelist approaches and give a brief overview on Remo and the status of the project.

About the Speaker: Christian Folini is an IT consultant based in Switzerland. His work is mostly focussed on Apache and things related to the architecture of multi-tier web applications. Christian Folini works for [[1][netnea.com]] and holds a PhD in medieval history. He is one of the leaders of the Company of St. George.