Hi there, The recent Area41 conference in Zurich saw my presentation of the Core Rules 3.0 with the upcoming Paranoia Mode. My slides are at http://www.slideshare.net/ChristianFolini/owasp-modsecurity-core-rules-paranoia-mode
My presentation explained the Core Rules and the new Paranoia Mode. I showed stats about various tests of the ruleset in vanilla and attack situations. The core is the slide 21, where you see numbers of a big commercial b2c site with the new 3.0.0 CRS installed in parallel with 2.2.9. The numbers are impressive: Security is still very high and 99% of false positives are gone in the untuned default installation. While 3.0.0 is still in development it is now possible to run the ruleset in productive environments. The final slide announces a ModSecurity course in London on September 22/23: https://www.feistyduck.com/training/modsecurity-training-course I have also written a blog post about the course at https://www.netnea.com/cms/2016/06/20/more-about-the-modsecurity-course-in-london/ Teaching such a course is obviously a great opportunity for me. But beyond myself, it is also an interesting test case for ModSecurity: Does ModSecurity have the traction to allow for such a regular offering? So I am very excited at this moment in my career. And I want to give the ModSecurity community a place in the first row: So we created a coupon code MODSECML to give you privileged access. It will allow 5 people to attend with a 200£ discount. This combined with the early bird discount will bring you the course for 1095£ (about 1400 Euros). The course is also a place to meet and talk about ModSecurity and the Core Rules. The program I developed has enough air to respond to questions and discuss them in the group. And this is likely the most interesting thing about the course for me: To meet, to look at ModSecurity in detail and to talk about it. Please help me to spread the word and make this course a success. If you are interested in the course, but you think is a bit far, then Feist Duck is also interested to organise the course near you Please write to train...@feistyduck.com for a quote. In fact, there is some traction for a public course in Switzerland in August or perhaps October. Please get in touch if your are interested in this. Best regards, Christian -- ModSecurity Training in London: Sep 22/23, 2016 https://www.feistyduck.com/training/modsecurity-training-course mailto:christian.fol...@netnea.com twitter: @ChrFolini _______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
