ModSecurity Training Course - The Key to ModSecurity and the OWASP ModSecurity Core Rules (London, Feisty Duck)

ModSecurity / OWASP CRS

The Key to ModSecurity and the OWASP ModSecurity Core Rules with Christian Folini

This two-day course will help you set up an Apache webserver and install ModSecurity together with a tight ruleset. We will configure the server and talk about every single detail of the configuration to give you an expert understanding of how your server works and behaves.

Please note: Zürich trainings are currently suspended due to the coronavirus crisis. Please contact us for alternatives and future dates.

Why This Course is for You

Don't spend ages trying to figure out ModSecurity yourself — learn all the tricks with this practical course from a top ModSecurity expert
Everything from how to install ModSecurity to how to take security of your applications to a new level
Gain insight into ModSecurity blacklisting and whitelisting
Learn how to set up the OWASP ModSecurity Core Rules
Learn how to extract the information from the server and analyse it without ever leaving the shell

Course Outline

Setting up Apache

Compiling apache yourself
Minimalistic Apache configuration
Walk through the configuration
Extending the logfiles

IO and performance data
GeoIP information
TLS protocol and cipher
ModSecurity infos

Data extracting done fast
Basic statistics on the data

Setting up ModSecurity

Compiling ModSecurity yourself
ModSecurity base configuration

Rule Engine
Audit Engine
Request limits

First Steps with ModSecurity

First rules
Full transaction log

ModSecurity Blacklisting (negative security model)
ModSecurity Whitelisting (positive security model)
Enabling the Core Rules

Introduction to the Core Rules scoring concept
A slightly different approach to their base config
Testing core rules in action (includes attack scanner)

Tuning the Core Rules

Identify false positives
Tune away the false positives
Calculated approach to setting the scoring limits

LogFile visualisation

Histograms of traffic data
Bell curve distributions in the shell

Reverse Proxy setup

Setting a standard Reverse Proxy
Introduction to some ModRewrite Voodoo
Apache Proxy Balancer
Combining ModRewrite and Proxy Balancer

Effective debugging

The 4-shell setup

Config window
Controlling Apache
HTTP requests with curl
Logfile monitor

Customizing the setup for your environment

Open discussion

Bring your ideas and problems to the course and we will discuss them together.

Meet the Trainer

Dr. Christian Folini is a partner at netnea AG He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.

Christian is a frequent committer to the OWASP ModSecurity Core Rule Set, vice president of Swiss Cyber Experts (a public private partnership), program chair of the Swiss Cyberstorm conference and many other things.

What You Need to Know

Target audience

This course is for experienced Apache system administrators who want to boost their security and for maintainers of ModSecurity enabled services who want expert insight into the effective configuration and tuning.

Prerequisites

Basic understanding of HTTP and Apache

Comfortable working in the shell

A physical or virtual machine with Ubuntu installed (versions: 16.04 LTS, 18.04 LTS, 18.10 and 19.04)

The teaching material will include all examples from the class and enable you to replay the full course at home.