Why This Course is for You
- Don't spend ages trying to figure out ModSecurity yourself — learn all the tricks with this practical course from a top ModSecurity expert
- Everything from how to install ModSecurity to how to take the security of your applications to a new level
- Gain insight into ModSecurity blacklisting and whitelisting
- Learn how to set up the OWASP ModSecurity Core Rules
- Learn how to extract the information from the server and analyse it without ever leaving the shell
Course Outline
- Setting up Apache
- Compiling Apache yourself
- Minimalistic Apache configuration
- Walk through the configuration
- Extending the logfiles
- IO and performance data
- GeoIP information
- TLS protocol and cipher
- ModSecurity information
- Fast data extraction
- Basic statistics on the data
- Setting up ModSecurity
- Compiling ModSecurity yourself
- ModSecurity base configuration
- Rule Engine
- Audit Engine
- Request limits
- First Steps with ModSecurity
- First rules
- Full transaction log
- ModSecurity Blacklisting (negative security model)
- ModSecurity Whitelisting (positive security model)
- Enabling the Core Rules
- Introduction to the Core Rules scoring concept
- A slightly different approach to their base config
- Testing core rules in action (includes attack scanner)
- Tuning the Core Rules
- Identify false positives
- Tune away the false positives
- Calculated approach to setting the scoring limits
- LogFile visualisation
- Histograms of traffic data
- Bell curve distributions in the shell
- Reverse Proxy setup
- Setting a standard Reverse Proxy
- Introduction to some ModRewrite Voodoo
- Apache Proxy Balancer
- Combining ModRewrite and Proxy Balancer
- Effective debugging
- The 4-shell setup
- Config window
- Controlling Apache
- HTTP requests with curl
- Logfile monitor
- Customizing the setup for your environment
- Open discussion
Bring your ideas and problems to the course and we will discuss them together.

