[Owasp-modsecurity-core-rule-set] OWASP AppSecDC 2012 Conference

Ryan Barnett RBarnett at trustwave.com
Wed Mar 7 20:31:15 UTC 2012

I wanted to pass along this OWASP announcement to the lists - http://owasp.blogspot.com/2012/03/owasp-appsec-dc-2012.html

There are three ModSecurity-related items at AppSecDC:

 1.  Virtual Patching Workshop – this is a 2-day training session that I will be running, where we will cover various virtual patching topics and also work extensively in hands-on labs using ModSecurity to help mitigate vulnerabilities found in the OWASP Broken Web Application Project. Training details here: https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Training/Virtual_Patching_Workshop. Registration is here: http://www.regonline.com/builder/site/Default.aspx?EventID=1021433
 2.  Web Application Defense with Bayesian Attack Analysis – this is a talk I am giving that demonstrates how to use the OSBF-Lua Bayesian Classifier module to add Bayesian analysis to ModSecurity to help detect web attacks. https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Web_Application_Defense_with_Bayesian_Attack_Analysis
 3.  Dynamic DAST/WAF Integration – this is another talk I am giving that will demonstrate a working PoC integration between ModSecurity and the Arachni Scanner RPC service (www.arachni-scanner.com). In the integration, ModSecurity can pass URL+Param+Cookie data to Arachni in real time using the Lua API for targeted, on-demand assessments of resources. ModSecurity will then check back in with Arachni to pull scan reports and save any vulnerability data to the RESOURCE collection for each URL. With this vulnerability intelligence, we can then become more aggressive in blocking attacks targeting known vulnerable vectors.

I hope to see some of you at AppSecDC!


Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader
