Breaking the Perfect HTTP Feedback Loop with Chaos Fortress

HTTP provides attackers with a perfect feedback look to train their agents with adversarial machine learning. This presentation looks at the mechanisms at play and presents Chaos Fortress, a plugin for the popular OWASP CRS web application firewall. Chaos Fortress breaks the feedback loop and delays attacks with consistently random status codes and optional response delays. This forces attackers to slow down and to think what is really happening, hopefully convincing them to look for easier targets elsewhere.

speaker_info

About The Speaker

Christian Folini

Dr. Christian Folini is a Swiss security engineer and open source enthusiast. He brings 15 years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian Folini is the author of the 2nd edition of the ModSecurity Handbook and the best known teacher on the subject. He serves as the program chair of the “Swiss Cyber Storm” conference and he is a member of the steering committee for the Swiss National Cyber Strategy.

Position:

Program Chair Swiss Cyber Storm Conference

Swiss Cyber Storm is an international IT security conference in the domain of cyber attacks and defense.
In a management and tech track, international experts talk about the latest findings, techniques, visions, opinions and lessons learned. To complement the talks, the conference features the opportunity to link with the swiss finalists team of the European Cyber Security Challenge. Swiss Cyber Storm provides a lot of room for the networking with national and international experts.

event_info