It’s been over a decade since the initial release of the OWASP Core Rule Set (CRS), a set of open source web application security controls written in the ModSecurity SecRules language. In that time, CRS has become the defacto standard for various WAFs and expanded capabilities to cover everything from basic UTF-7 XSS to Java Deserialization and everything in between. In this talk we’ll discuss how both traditional and modern web environments deploys CRS, the features of upcoming releases, and how to deal with common issues that may be encountered.
Chaim is the Security Lead at ZeroFOX, which provides comprehensive social media protection for enterprises. Outside of ZeroFOX he teaches for the computing security department at the Rochester Institute of Technology. His areas of interest include web security with a focus on defensive web technologies. Chaim contributes to several Open Source projects including ModSecurity and OWASP Core Rule Set, where he serves as the project leader.