[OWASP-Switzerland] Links to presentation, summary, more stuff and a good joke

Christian Folini christian.folini at netnea.com
Sun Nov 23 13:28:34 UTC 2014


Hi there,

Thanks again for attending my ModSecurity presentation in such big
numbers in Zurich the other day. I really liked the discussion after the
talk: It makes a lot of sense before you commit yourself to a tool like
ModSec. Bloody useful but one hell of a steep learning curve and a lot
of pain when maintaining your ruleset.

There are a few resources I would like to share with you:
 - A summary of the presentation and the discussion:
   http://www.netnea.com/cms/2014/11/18/summary-of-modsecurity-talk-owasp-ch/
 - The presentation itself:
   http://www.christian-folini.ch/pub/owasp-ch-folini-nov-2014.pdf
 - The modsec-positive-stats.rb script:
   https://raw.githubusercontent.com/Apache-Labor/labor/master/labor-06/modsec-positive-stats.rb

The script is quite easy to use. You pipe a file full of anomaly scores
into the script. Each line is a request. The incoming and outgoing scores
are separated by a semicolon.

-----------------------------------------------------------------------

$> cat scores.txt
...
0;0
2;0
0;0
3;0
12;0
0;2
...
$> cat scores.txt | modsec-positive-stats.rb

INCOMING                   Num of req. | % of req. |  Sum of % | Missing %
Number of incoming req. (total) |10000 | 100.0000% | 100.0000% |   0.0000%

Empty or miss. incoming score   |    0 |   0.0000% |   0.0000% | 100.0000%
Reqs with incoming score of   0 | 9970 |  99.7000% |  99.7000% |   0.3000%
Reqs with incoming score of   1 |    4 |   0.0400% |  99.7400% |   0.2600%
Reqs with incoming score of   2 |   21 |   0.2100% |  99.9500% |   0.0500%
Reqs with incoming score of   3 |    0 |   0.0000% |  99.9500% |   0.0500%
Reqs with incoming score of   4 |    4 |   0.0400% |  99.9900% |   0.0100%
Reqs with incoming score of   5 |    1 |   0.0100% | 100.0000% |   0.0000%

Average:   0.0067        Median 0.0000         Standard deviation   0.1329


OUTGOING                   Num of req. | % of req. |  Sum of % | Missing %
Number of outgoing req. (total) |10000 | 100.0000% | 100.0000% |   0.0000%

Empty or miss. outgoing score   |    0 |   0.0000% |   0.0000% | 100.0000%
Reqs with outgoing score of   0 | 9997 |  99.9700% |  99.9700% |   0.0300%
Reqs with outgoing score of   1 |    0 |   0.0000% |  99.9700% |   0.0300%
Reqs with outgoing score of   2 |    0 |   0.0000% |  99.9700% |   0.0300%
Reqs with outgoing score of   3 |    0 |   0.0000% |  99.9700% |   0.0300%
Reqs with outgoing score of   4 |    2 |   0.0200% |  99.9900% |   0.0100%
Reqs with outgoing score of   5 |    1 |   0.0100% | 100.0000% |   0.0000%

Average:   0.0013        Median 0.0000         Standard deviation   0.0755

-----------------------------------------------------------------------

I have written two additional blog posts since our talk. You can reach them
via my website at http://www.christian-folini.ch.

One is about an admin.ch-sponsored convention about cyber risks in Berne
this week. Eveline Widmer-Schlumpf opened the conference and explained
upcoming cyber risks as follows:
Fridges can now order milk for you. That's usually seen as convenient. 
The problem starts when the milk orders a fridge for you.

btw: don't forget to follow me on twitter. My handle is @ChrFolini.

Best regards!

Christian Folini


-- 
For my part I believe in the forgiveness of sin and the redemption of
ignorance.
-- Adlai Stevenson
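
The input format and cumulative columns described in the mail, as an added example that is not part of the original message and is not the modsec-positive-stats.rb script itself. It parses `incoming;outgoing` lines, builds the cumulative distribution, and goes beyond the mail by reporting the share of requests at or above an anomaly threshold; the function names, the threshold parameter and the sample lines are assumptions constructed for illustration.

```ruby
# Added example; not the original modsec-positive-stats.rb.
# Constructed sample input in the "incoming;outgoing" format from the mail.
SAMPLE = <<~SCORES
  0;0
  2;0
  0;0
  3;0
  12;0
  0;2
  ;0
  -;-
SCORES

# Parse lines into [incoming, outgoing]; nil marks an empty or missing score.
def parse_scores(text)
  text.each_line.map(&:strip).reject(&:empty?).map do |line|
    fields = line.split(';', -1)
    [0, 1].map { |i| fields[i].to_s.match?(/\A\d+\z/) ? fields[i].to_i : nil }
  end
end

# Cumulative distribution for one column (0 = incoming, 1 = outgoing).
# Percentages are relative to all requests, so missing scores stay "missing".
def distribution(pairs, column)
  total = pairs.size
  tally = Hash.new(0)
  pairs.each { |p| tally[p[column]] += 1 unless p[column].nil? }
  seen = 0
  (0..(tally.keys.max || 0)).map do |score|
    seen += tally[score]
    { score: score, count: tally[score],
      pct: 100.0 * tally[score] / total,
      cum_pct: 100.0 * seen / total,
      missing_pct: 100.0 * (total - seen) / total }
  end
end

# Share (in %) of requests whose score reaches a hypothetical anomaly
# threshold, i.e. the requests that limit would affect if enforced.
def pct_at_or_above(pairs, column, threshold)
  hits = pairs.count { |p| p[column] && p[column] >= threshold }
  100.0 * hits / pairs.size
end

pairs = parse_scores(SAMPLE)
distribution(pairs, 0).reject { |r| r[:count].zero? }.each do |r|
  puts format('incoming score %3d | %5d | %8.4f%% | %8.4f%% | %8.4f%%',
              r[:score], r[:count], r[:pct], r[:cum_pct], r[:missing_pct])
end
puts format('incoming >= 5: %.4f%% of requests', pct_at_or_above(pairs, 0, 5))
```
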

