Difference between revisions of "OWASP ModSecurity Core Rule Set"

From OWASP
(Created page with '== The presentation == rightDevelopers in large organizations are experiencing a move to a more holistic centralized management of application s…')
 
 
(3 intermediate revisions by 2 users not shown)
Line 1: Line 1:
 +
[[Image:468x60-banner-2010.gif|link=http://www.owasp.org/index.php?title=OWASP_AppSec_DC_2010]]
 +
 +
[https://guest.cvent.com/EVENTS/Register/IdentityConfirmation.aspx?e=d52c6f5f-d568-4e16-b8e0-b5e2bf87ab3a Registration] | [https://resweb.passkey.com/Resweb.do?mode=welcome_gi_new&groupID=2766908 Hotel] | [http://www.dcconvention.com/ Walter E. Washington Convention Center]
 +
<br>
 
== The presentation  ==
 
== The presentation  ==
  
[[Image:Owasp_logo_normal.jpg|right]]Developers in large organizations are experiencing a move to a more holistic centralized management of application source code and its review and reporting for vulnerabilities. Presented will be the vulnerability statistics, which were collected at various programming milestones for a range of applications from an enterprise-wide application development portfolio. Application vulnerabilities, which were detected using automated source code analysis tools were stored in a centralized database and reported back to developers and management with the intent of managing risk at an enterprise level. Reports aligned vulnerability classes to the OWASP Top 10. The centralized view of source code vulnerability metrics are shown to drive an enterprise approach to developing standardized security API’s throughout the SDLC.
+
[[Image:Ryan_Barnett-headshot.jpg|right]]This project just recently achieved Release Quality status as an OWASP Project.  http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project
 +
 
 +
This presentation will be an overview of the Core Rule Set functionality, what it does and doesn't do and all of the new features. We will also discuss the project synergies with other OWASP projects such as AppSensor.
  
== The speaker  ==
+
== Ryan Barnett ==
  
Speaker bio will be posted shortly.  
+
Ryan C. Barnett is a senior security researcher on Trustwave's SpiderLabs Team. He is a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. In addition to working with SANS, he is also a WASC Member where he leads the Web Hacking Incidents Database (WHID) and Distributed Open Proxy Honeypots Projects and is also the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache.  
  
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]
 
[[Category:AppSec_DC_2010_Presentations]] [[Category:OWASP_Conference_Presentations]]

Latest revision as of 12:12, 1 October 2010

The presentation

This project just recently achieved Release Quality status as an OWASP Project. http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project

This presentation will be an overview of the Core Rule Set functionality, what it does and doesn't do, and all of the new features. We will also discuss the project synergies with other OWASP projects such as AppSensor.

Ryan Barnett

Ryan C. Barnett is a senior security researcher on Trustwave's SpiderLabs Team. He is a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. In addition to working with SANS, he is a WASC member, where he leads the Web Hacking Incidents Database (WHID) and Distributed Open Proxy Honeypots projects, and he is the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache.