OWASP Coraza: The way to WAF in 2023 @ OWASP Hamburg Meeting [online]


Dirk W

Mar 10, 2023, 7:15:44 AM
to germany...@owasp.org
Moin / Hello out there / Hola por ahí,


it's been a while :-) I haven't had much luck chasing speakers the past months. But the sun is shining again (in general, but right now it has been snowing in Hamburg for hours), so here we go ;-)

We'd like to invite you to the next (online) meeting, which fits into the previous WAF topics we had the honour to host. Thus I am glad we'll have Felipe and Juan Pablo as our guests presenting us a modern approach to an Open-Source WAF: Coraza. Coraza is a new OWASP project, currently in lab status. It's written in Go, supports ModSecurity SecLang rulesets and is 100% compatible with the OWASP Core Rule Set.
We'll start @ 3pm as there's a time difference to where the speakers are joining us from.


In a nutshell
------------------
Location: Online
Start: 24th of March, 3pm CET (10 am EST)
Title: The way to WAF in 2023 [online]
Meetup: https://www.meetup.com/owasp-hamburg-stammtisch/events/292033499/
Speakers: Felipe Zipitria, Juan Pablo Tosso
Networking: Stick around afterwards a bit if you like.


Abstract
------------
We are fighting a 2023 problem by using early 2000s technology. The web has evolved. Therefore, the threats have evolved: SQL injection isn’t as common as it used to be, and attackers are now looking for more complex vulnerabilities that could provide faster and bigger profits. New technologies also come with new architecture and deployment requirements, so the final question becomes: how can we protect our applications without risking false positives or decreasing performance? OWASP Coraza’s goal is to solve these questions by providing a modern approach to Open-Source WAF using Golang. Coraza provides a modular, fast, developer-friendly, and efficient set of WAF capabilities that can be easily integrated into any program; it also provides connectors for Web Servers, API Gateways, HTTP frameworks, and more. Coraza is 100% compatible with OWASP Core Ruleset and extends ModSecurity capabilities to the 2020s internet.

Project Links:
https://www.coraza.io/
https://github.com/corazawaf/coraza
https://owasp.org/www-project-coraza-web-application-firewall/

Bios
------
Felipe has over 15 years of experience in the information security field. He regularly trains professionals from different backgrounds in application security, cloud security, and information security. He is a lecturer on Computer Security Foundations for graduates and Application Security for postgraduates at the local University where he lives, in Montevideo - Uruguay. He holds an MSc in Computer Security from the same University, UDELAR. Felipe also has contributed to the OWASP mission as a co-leader of the OWASP ModSecurity Core Rule Set Flagship project, the OWASP Coraza WAF project, and previously as Uruguay Chapter Leader.
Juan is a cybersecurity researcher from Chile. He enjoys writing open-source code, hiking, biking, spending time with his children, traveling, writing, and reading. He used to be a white hat hacker, but now turned to the blue side. He is the founder and project leader of the OWASP Coraza WAF project.


How to participate
--------------------------
Please make sure when the talk starts your video is off and you are muted. You’re welcome to participate with video and audio afterwards.
We'll be guests of senfcall (a German membership corporation), which provides us with a privacy-friendly video conference facility. Thank you!
https://lecture.senfcall.de/dir-o5v-cka-yx7

To get a feel for when we’d be ready to start, a short one-liner via mail or an RSVP @ Meetup (URL see above) would be appreciated.




Our OWASP "Stammtisch"
------------------------------------
Our meeting is about web applications and their (in)security and/or about IT security in general. People come together who care as a hobby or in their job about information security: developers, managers, pen testers and everybody else who's interested. The atmosphere is open and relaxed. Who's coming to sell products or services: Move on, this is not the right place. OWASP is about education and sharing (mostly) technical information.
Feel free to forward our meetup URL to your colleagues or friends. They are welcome, too. Participation is free and open -- as the O in OWASP.


Cheers, Dirk


PS: Outlook: Next meetings we'll present a new OWASP project -- OWASP Raider and a cool introduction into Rust. We plan both as hybrid sessions. OWASP Raider will be in English.


Cheers, Dirk


--
OWASP Volunteer
Send me encrypted mails (Key ID 0x4D9CA7F2E2FA20B3)


Dirk W

Mar 23, 2023, 10:37:33 AM
to germany...@owasp.org
Hi,

short reminder: That’ll be tomorrow, 3pm local time (CET)


Cheers!

Dirk