der OWASP Hamburg Stammtisch freut sich auf ein weiteres Online-Event -- in English. And what we have to present is pretty interesting.
We welcome again Christian
Folini, project lead for the OWASP Core Ruleset, as our guest.
As the title indicates there's a new CRS release coming up.
Christian explains what that is about. Presentation language is
English probably, as mentioned. It would be great though if you
could answer the question in the RSVP accordingly.
Title: "What's new with the
ModSecurity Core Rule Set 4.0"
Speaker: Christian Folini
Location: Online, link is available 1-2 days before
Start: 9th of May 2022, 6:30 pm (CEST)
Networking: Stick around afterwards a bit. Grab a soda, beer, a wine or the like.
Building on the basic
introduction to the OWASP ModSecurity Core Rule Set (CRS)
presentation from April 2021, this talk will present an overview
of the upcoming CRS 4.0 release. We will look at new features
plugin functionality, new rules and important changes.
The talk will also cover the situation around ModSecurity and the emerging alternative WAF engine Coraza.
Christian Folini is a
security engineer and open source enthusiast. He
holds a PhD in medieval history and enjoys defending castles across
Europe. Unfortunately, defending medieval castles is not a big
business anymore and so, he turned to defending web applications, which he finds equally challenging. He brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian Folini is the author of the second edition of the ModSecurity
Handbook and the best known teacher on the subject. He serves as the program chair of the "Swiss Cyber Storm" conference, the prime security conference in Switzerland. He is a frequent speaker at conferences, where he tries to use his background in the humanities to explain hardcore technical topics to audiences of different backgrounds.
How to participate
As always participation is
free, no strings attached. If you want to attend you either will
see at Meetup
the event URL at the RHS and are able to join the video
conference directly -- when you rsvp'd. I'll update the invite
URL ~ 1-2 days before. THE ONE WHICH YOU SEE NOW IS NOT CORRECT.
Also you would need a PIN which will be added then.
Alternatively if you send me
an e-mail I am happy to send you 1-2 days before the access
Please make sure when the talk starts your video and audio is off.
Our OWASP "Stammtisch"
Our meeting is about web
applications and their (in)security and/or about IT security in
general. People come together who care as a hobby or in their
job about information security: developers, managers, pentesters
and everybody else who's interested. The atmosphere is open and
relaxed. Who's coming to sell products or services: Move on,
this is not the right place. OWASP is about education and
sharing (mostly) technical information.
Feel free to forward our meetup URL to your colleagues or friends. They are welcome, too. Participation is free and open -- as the O in OWASP.
-- OWASP Volunteer Send me encrypted mails (Key ID 0x4D9CA7F2E2FA20B3)