Christian Folini

Christian Folini

netnea security engineer and partner

Dr. phil. (History), University of Fribourg, Switzerland

Steps and Skills

Christian Folini is a teacher, author and application security engineer with twenty years of experience.

Book cover: ModSecurity HandbookHe is the author of the 2nd edition of the ModSecurity Handbook and one of the best known experts of the Open Source ModSec Web Application Firewall (WAF). He is a Co-Lead of the OWASP ModSecurity Core Rule Set (CRS) project and represents the project externally. His best known contributions to the project are the concept of Paranoia Levels and his design of the plugin architecture as well as his set of canonical Apache / ModSecurity / Core Rule Set tutorials that he maintains on our website.

CRS LogoChristian Folini teaches ModSecurity and CRS in public and in inhouse settings. His courses have a very practical approach that teaches the participants the necessary skills to integrate and run ModSecurity / CRS in their organizations. His course agenda is the only education program available that covers the conceptual questions necessary to run the ModSec WAF on a scale.

Apart from several open source utilities, he has also developed C-Rex, a tools that helps businesses and organizations dealing with false alarms on a day to day base in a systematic and consistent way.

Photo: Christian Folini & Carmela Troncoso

Program Chair Christian Folini with EPFL Ass. Professor Carmela Troncoso at Swiss Cyber Storm

If you are interested to follow Christian Folini online, he’s active on Mastodon as and on twitter as @ChrFolini. He is also hosting a monthly ModSec / CRS webcast with news and practical workthroughs that are also published on youtube.

Dr. Christian Folini serves as board member and program chair of the Swiss Cyber Storm conference, that he also moderates annually. He is a frequent speaker at international conferences and maintains contact with an extensive network of security experts around the globe.

Selected Projects

  • ModSecurity Tuning of a large mobile provider in Switzerland
  • Designing and building of the WAF layer of one of the most prolific high security online services in Switzerland
  • Teaching ModSecurity on commercial integrations like AdNovum’s Nevis server, and United Security Providers Secure Entry Server and the Kemp / Progress LoadMaster.
  • Design and implementation of the reverse proxy layer for 120 dedicated services of a very big Swiss company
  • Series of four blog posts for a large commercial ModSecurity / CRS integrator
  • Author of several corporate DDoS defense handbooks

Interests and hobbies