ModSecurity / OWASP Core Rule Set Course

The Key to ModSecurity and the OWASP ModSecurity Core Rule Set with Christian Folini

This two-day course will help you set up a webserver and install ModSecurity together with a tight ruleset. We will configure the server and talk about every single detail of the configuration to give you an expert understanding of how your server works and behaves.

The course is taught in small classes.

Why this course is for you

• Don't spend ages trying to figure out ModSecurity yourself — learn all the tricks with this practical course from a top ModSecurity expert
• Everything from how to install ModSecurity to how to take security of your applications to a new level
• Gain insight into ModSecurity blacklisting and whitelisting
• Learn how to set up the OWASP ModSecurity Core Rules
• Learn how to extract the information from the server and analyse it without ever leaving the shell
• Learn how to deal with false positives in a practical way

Target Audience

This course is for experienced system administrators who want to boost their security and for maintainers of ModSecurity enabled services who want expert insight into the effective configuration and tuning.

Level: Intermediate / Advanced
Duration: 2 days
Extras: Lunch and refreshments included

We'll also give you a copy of ModSecurity Handbook, Second Edition, by Christian Folini and Ivan Ristić.

The teaching material will include all examples from the class and enable you to replay the full course at home.

Prerequisites

• Basic understanding of HTTP and webservers
• Comfortable working in the shell
• A physical or virtual machine with Ubuntu installed (versions: 16.04 LTS, 18.04 LTS, 18.10 and 19.04)

Meet the Trainer

Dr. Christian Folini is a partner at netnea AG in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in Apache / ModSecurity configuration, DDoS defense and threat modeling.

Christian is the author of the 2nd edition of the ModSecurity Handbook, a co-lead the OWASP ModSecurity Core Rule Set, vice president of Swiss Cyber Experts (a public private partnership), program chair of the Swiss Cyberstorm conference and former president of the Company of St. George, a well known historical reenactment group.

Course Outline

1. Setting up the Apache webserver
a. Compiling Apache yourself
c. Walk through a minimal configuration
d. Extending the logfiles
i. IO and performance data
ii. GeoIP information
iii. TLS protocol and cipher
iv. ModSecurity infos
e. Data extracting done fast
f. Basic statistics on the data

2. Setting up ModSecurity
a. Compiling ModSecurity yourself
b. ModSecurity base configuration
i. Rule Engine
ii. Audit Engine
iii. Request limits

3. First Steps with ModSecurity
a. First rules
b. Full transaction log

4. ModSecurity Blacklisting (negative security model)

5. ModSecurity Whitelisting (positive security model)

6. Enabling the Core Rule Set
a. Introduction to the Core Rules scoring concept
b. A slightly different approach to their base config
c. Testing core rules in action (includes attack scanner)

7. Tuning the Core Rule Set
a. Identify false positives
b. Tune away the false positives
c. Calculated approach to setting the scoring limits

8. LogFile Visualisation
a. Histograms of traffic data
b. Bell curve distributions in the shell

9. Reverse Proxy Setup
a. Setting a standard Reverse Proxy
b. Introduction to some ModRewrite Voodoo
c. Apache Proxy Balancer
d. Combining ModRewrite and Proxy Balancer

10. Effective Debugging
a. The 4-shell setup
i. Config window
ii. Controlling Apache
iii. HTTP requests with curl
iv. Logfile monitor
b. Customizing the setup for your environment

11. Open Discussion
Bring your ideas and problems to the course and we will discuss them together.

Testimonials

"Christian's training materials, scripts and strategies for tuning, and review of our server config have been invaluable. I'm now pleased to say, based on the skills developed through the Christian's course / consultancy I have managed to get an *effective* mod-security implementation."
Paul Beckett, University of East Anglia

"Christian's explanations are huge! That's impossible to beat."
Toni Tauro, Swiss Post

"My understanding of ModSecurity now means my workload is reduced 90%!"
Participant from the University of Reading

"Very thorough course materials and tools to use modsecurity effectively."
David Buckle, UK Fast

"No marketing bullshit which I am tired off in my job"
Jakub, Sunrise

Excellent trainer. Really well explained both verbally and excellent lab guide.
Andrew Mallet, The Urban Penguin

FAQs