The ModSecurity Web Application Firewall is hard. It’s a complex piece of software with a complicated configuration language. There are rough edges and if you happen to run the OWASP ModSecurity Core Rules, then you are likely to get more false alarms, than you are prepared for.
There is Ivan Ristić’s ModSecurity Handbook which serves as a reference guide. There is a long list of online articles in the form of Advanced ModSecurity Topics of the Week, that cover many different aspects of rule writing. Experts will also rely on Ryan Barnett’s Web Application Defender’s Cookbook which serves as an excellent handbook for those in the front line of the war.
- There is no guide to keep it all together.
- Nobody tells you how to best configure the baseline of your server.
- Nobody gives you advice when you want to make sense of the vast logfiles.
- Nobody serves as your guide for the extraction of the important information.
You will find blog posts explaining you how to handle an individual false positive, but nobody explains you how to handle thousands of them without losing your head. And nobody has yet described the best process to ease into a blocking ModSecurity setup with your productive site, when locking out users won’t be pardoned.
During the ten years I spent configuring ModSecurity, I have found an answer to these questions. I will show you what works and I will explain to you what usually ends up on the shelf (and why!). I will share the config snippets that form the missing link between the different components and I will hand out my scripts that allow you to shortcut many winding roads. This will kickstart your setup and it will save you many, many days of manual labour: It’s the fast road to a cost-effective ModSecurity installation fending off most of the OWASP Top 10 weaknesses.
“I’m now pleased to say, based on the skills developed through Christian’s course / consultancy I have managed to get an *effective* mod-security implementation.”
— Paul Beckett, University of Norfolk, Norwich
My course material has evolved over several years. Last Winter I expanded it substantially and re-polished the older bits. So when Ivan Ristić / Feisty Duck asked me to join their team of trainers and deliver my two day course in London, I was thrilled to be given this opportunity. This came exactly at the right moment and I am very excited. Teaching is fun and I enjoy it very much. And what I enjoy even more is meeting new people with new questions. Everybody in the room will attend the course with a background based in their own individual server setup. In my experience, this will bring us fruitful discussions and a real benefit for everybody. As far as I am concerned, this is actually the best part and a big incentive to run the course for me.
“Christian’s explanations are huge! That’s impossible to beat.
— Toni Tauro, Swiss Post, @eyenx
The course will be held at CodeNode in central London on September 23/24, 2016, a place I really look forward to check out myself. The CodeNode bar included. An early bird subscription is now open. And because it’s the first edition of this course and because I am so thrilled this is happening, I add a coupon code MODSECJUNE for the first 5 readers of my blog subscribing. Early bird and coupon code combined will save you 400£ on the two day course. The subscription will thus be 1095£ (about 1400 Euros).
- A detailed program of the course can be found here (there is still time to ask for special topics you want covered)
- And here is the link to the subscription
If there is interest, it is also possible to run the course locally at your site. Please contact firstname.lastname@example.org or email@example.com for a quote. In fact, since we announced the London training, the course has already been ordered by an individual company for an exclusive training.