CHF1,550 – CHF1,950

ModSecurity / OWASP Core Rule Set Course

Event Information


Date and Time




Neugasse 6

8005 Zürich


Refund Policy

Refunds up to 7 days before event

Event description


ModSecurity / OWASP Core Rule Set Course

The Key to ModSecurity and the OWASP ModSecurity Core Rule Set with Christian Folini

This two-day course will help you set up a webserver and install ModSecurity together with a tight ruleset. We will configure the server and talk about every single detail of the configuration to give you an expert understanding of how your server works and behaves.

The course is taught in small classes.

Why this course is for you

  • Don't spend ages trying to figure out ModSecurity yourself — learn all the tricks with this practical course from a top ModSecurity expert
  • Everything from how to install ModSecurity to how to take security of your applications to a new level
  • Gain insight into ModSecurity blacklisting and whitelisting
  • Learn how to set up the OWASP ModSecurity Core Rules
  • Learn how to extract the information from the server and analyse it without ever leaving the shell
  • Learn how to deal with false positives in a practical way

Target Audience

This course is for experienced system administrators who want to boost their security and for maintainers of ModSecurity enabled services who want expert insight into the effective configuration and tuning.

Level: Intermediate / Advanced
Duration: 2 days
Extras: Lunch and refreshments included

We'll also give you a copy of ModSecurity Handbook, Second Edition, by Christian Folini and Ivan Ristić.

The teaching material will include all examples from the class and enable you to replay the full course at home.


  • Basic understanding of HTTP and webservers
  • Comfortable working in the shell
  • A physical or virtual machine with Ubuntu installed (versions: 16.04 LTS, 18.04 LTS, 18.10 and 19.04)

Meet the Trainer

Dr. Christian Folini is a partner at netnea AG in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no longer big business, so Christian turned to defending web servers, which he finds equally challenging. With his background in the humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.

Christian is the author of the 2nd edition of the ModSecurity Handbook, a co-lead of the OWASP ModSecurity Core Rule Set, vice president of Swiss Cyber Experts (a public-private partnership), program chair of the Swiss Cyberstorm conference and former president of the Company of St. George, a well-known historical reenactment group.

Course Outline

1. Setting up the Apache webserver
a. Compiling Apache yourself
c. Walk through a minimal configuration
d. Extending the logfiles
i. IO and performance data
ii. GeoIP information
iii. TLS protocol and cipher
iv. ModSecurity information
e. Data extracting done fast
f. Basic statistics on the data

2. Setting up ModSecurity
a. Compiling ModSecurity yourself
b. ModSecurity base configuration
i. Rule Engine
ii. Audit Engine
iii. Request limits

3. First Steps with ModSecurity
a. First rules
b. Full transaction log

4. ModSecurity Blacklisting (negative security model)

5. ModSecurity Whitelisting (positive security model)

6. Enabling the Core Rule Set
a. Introduction to the Core Rules scoring concept
b. A slightly different approach to their base config
c. Testing core rules in action (includes attack scanner)

7. Tuning the Core Rule Set
a. Identify false positives
b. Tune away the false positives
c. Calculated approach to setting the scoring limits

8. LogFile Visualisation
a. Histograms of traffic data
b. Bell curve distributions in the shell

9. Reverse Proxy Setup
a. Setting a standard Reverse Proxy
b. Introduction to some ModRewrite Voodoo
c. Apache Proxy Balancer
d. Combining ModRewrite and Proxy Balancer

10. Effective Debugging
a. The 4-shell setup
i. Config window
ii. Controlling Apache
iii. HTTP requests with curl
iv. Logfile monitor
b. Customizing the setup for your environment

11. Open Discussion
Bring your ideas and problems to the course and we will discuss them together.


"Christian's training materials, scripts and strategies for tuning, and review of our server config have been invaluable. I'm now pleased to say, based on the skills developed through Christian's course / consultancy I have managed to get an *effective* mod-security implementation."
Paul Beckett, University of East Anglia

"Christian's explanations are huge! That's impossible to beat."
Toni Tauro, Swiss Post

"My understanding of ModSecurity now means my workload is reduced 90%!"
Participant from the University of Reading

"Very thorough course materials and tools to use modsecurity effectively."
David Buckle, UK Fast

"No marketing bullshit which I am tired of in my job"
Jakub, Sunrise

"Excellent trainer. Really well explained both verbally and excellent lab guide."
Andrew Mallet, The Urban Penguin


Who is organising this course?
This training class is organised by netnea / Christian Folini in collaboration with Feisty Duck, London.

Where can I contact the organiser with any questions?
Contact us at with any questions about the event.

Can I get a proper invoice instead of booking via paypal / credit card?
Sure, just get in touch with and we'll sort it out.

What is the refund policy?
Any cancellation by you must be made by emailing

You may cancel or reschedule a course subject to the following charges:

  • Cancellation or reschedule with more than 60 days’ notice prior to course start date – no charge
  • Cancellation or reschedule with 31-60 days’ notice prior to course start date – 50% of the course fee
  • Cancellation or reschedule with less than 30 days’ notice prior to course start date – 100% of the course fee

Other dates?
Can't make this date? Tickets sold out? Email to be notified about the future dates.

Inhouse course?
This is a very successful course which has been taught inhouse at many companies including top global players. If you are interested in such a setting, get in touch with to get a quote.
