ModSecurity Masterclass Frankfurt

Feisty Duck is a London-based provider of computer security training. Our practical hands-on courses are taught in small groups and led by industry experts. Courses include SSL/TLS, Internet PKI and Apache/ModSecurity.

Feisty Duck

<H2>ModSecurity Masterclass </H2>
The Key to ModSecurity and the OWASP ModSecurity Core Rules with Christian Folini
This two-day course will help you set up an Apache webserver and install ModSecurity together with a tight ruleset. We will configure the server and talk about every single detail of the configuration to give you an expert understanding of how your server works and behaves.
The course is taught in small classes. 
<H2>Why this course is for you</H2>
<UL CLASS="large">
<LI>Don't spend ages trying to figure out ModSecurity yourself — learn all the tricks with this practical course from a top ModSecurity expert</LI>
<LI>Everything from how to install ModSecurity to how to take security of your applications to a new level</LI>
<LI>Gain insight into ModSecurity blacklisting and whitelisting</LI>
<LI>Learn how to set up the OWASP ModSecurity Core Rules</LI>
<LI>Learn how to extract the information from the server and analyse it without ever leaving the shell</LI>
</UL>
<H2>Target Audience</H2>
This course is for experienced Apache system administrators who want to boost their security and for maintainers of ModSecurity enabled services who want expert insight into the effective configuration and tuning. 
     Level: Intermediate / Advanced      Duration: 2 days      Extras: Lunch and refreshments included
We'll also give you a copy of ModSecurity Handbook, Second Edition, by Christian Folini and Ivan Ristić. 
<H2>Prerequisites</H2>
<UL>
<LI>Basic understanding of HTTP and Apache</LI>
<LI>Comfortable working in the shell</LI>
<LI>A physical or virtual machine with Ubuntu installed (versions: 14.04 LTS, 16.04 LTS, 16.10, 17.04 and 17.10)</LI>
</UL>
The teaching material will include all examples from the class and enable you to replay the full course at home.
<H2>Meet the Trainer</H2>
Dr. Christian Folini is a partner at <A HREF="https://www.netnea.com/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">netnea AG</A> in Berne, Switzerland. He holds a PhD in medieval history and enjoys defending castles across Europe. Unfortunately, defending medieval castles is no big business anymore and Christian turned to defending web servers which he thinks equally challenging. With his background in humanities, Christian is able to bridge the gap between techies and non-techies. He brings more than ten years' experience in this role, specialising in <A HREF="https://www.netnea.com/cms/apache-tutorials" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">Apache / ModSecurity configuration</A>, <A HREF="https://lwn.net/Articles/338407/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">DDoS defense</A> and threat modeling.
Christian is a frequent committer to the <A HREF="https://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Project" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer"> OWASP ModSecurity Core Rule Set</A>, vice president of <A HREF="https://www.swiss-cyber-experts.ch/cms/index-en.html" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">Swiss Cyber Experts</A> (a public private partnership), program chair of the <A HREF="https://swisscyberstorm.com/" TARGET="_blank" DATA-MSYS-CLICKTRACK="0" REL="nofollow noopener noreferrer">Swiss Cyberstorm conference</A> and president of the Company of St. George, a well known historical reenactment group.
<H2>Course Outline</H2>
1. Setting up Apache        a. Compiling apache yourself        b. Minimalistic Apache configuration        c. Walk through the configuration        d. Extending the logfiles               i. IO and performance data               ii. GeoIP information               iii. TLS protocol and cipher               iv. ModSecurity infos        e. Data extracting done fast        f. Basic statistics on the data
2. Setting up ModSecurity        a. Compiling ModSecurity yourself        b. ModSecurity base configuration              i. Rule Engine              ii. Audit Engine              iii. Request limits
3. First Steps with ModSecurity        a. First rules        b. Full transaction log
4. ModSecurity Blacklisting (negative security model)
5. ModSecurity Whitelisting (positive security model)
6. Enabling the Core Rules        a. Introduction to the Core Rules scoring concept        b. A slightly different approach to their base config        c. Testing core rules in action (includes attack scanner)
7. Tuning the Core Rules        a. Identify false positives        b. Tune away the false positives        c. Calculated approach to setting the scoring limits
8. LogFile visualisation        a. Histograms of traffic data        b. Bell curve distributions in the shell
9. Reverse Proxy setup        a. Setting a standard Reverse Proxy        b. Introduction to some ModRewrite Voodoo        c. Apache Proxy Balancer        d. Combining ModRewrite and Proxy Balancer
10. Effective debugging        a. The 4-shell setup               i. Config window               ii. Controlling Apache               iii. HTTP requests with curl               iv. Logfile monitor        b. Customizing the setup for your environment
11. Open discussion Bring your ideas and problems to the course and we will discuss them together.
<H2>Testimonials</H2>
"Christian's training materials, scripts and strategies for tuning, and review of our server config have been invaluable. I'm now pleased to say, based on the skills developed through the Christian's course / consultancy I have managed to get an *effective* mod-security implementation." Paul Beckett, University of East Anglia
"Christian's explanations are huge! That's impossible to beat." Toni Tauro, Swiss Post
<H2 CLASS="title"> </H2>
<H2 CLASS="title">FAQs</H2>
<DIV>
Where can I contact the organiser with any questions? Contact us at <A HREF="mailto:training@feistyduck.com" TARGET="_blank" REL="nofollow noopener noreferrer">training@feistyduck.com</A> with any questions about the event. 
What is the refund policy? Any cancellation by you must be made by emailing <A HREF="mailto:training@feistyduck.com" TARGET="_blank" REL="nofollow noopener noreferrer">training@feistyduck.com</A>. <A HREF="mailto:contact@feistyduck.com" TARGET="_blank" REL="nofollow noopener noreferrer"></A>
You may cancel or reschedule a course subject to the following charges:
<UL>
<LI>Cancellation or reschedule with more than 60 days’ notice prior to course start date – no charge</LI>
<LI>Cancellation or reschedule with 31-60 days’ notice prior to course start date - 50% of the course fee </LI>
<LI>Cancellation or reschedule with less than 30 days’ notice prior to course start date - 100% of the course fee</LI>
</UL>
Other dates? Can't make this date? Tickets sold out? Email <A HREF="mailto:training@feistyduck.com" TARGET="_blank" REL="nofollow noopener noreferrer">training@feistyduck.com</A> to be notified about the future dates.
</DIV>

Frankfurt

Our {communityGuidelinesLink} describe the sort of content we prohibit on Eventbrite. If you suspect an event may be in violation, you can report it to us so we can investigate.

To report other categories of prohibited or illegal content, submit {link}

ModSecurity Masterclass Frankfurt

More events from Feisty Duck

Discover more events from Feisty Duck, from Science & Tech to other experiences you might love.

Still looking for the right event?

Explore all events in Frankfurt/Main and filter by date, category, and more to find the perfect fit.

ModSecurity Masterclass Frankfurt

More events from Feisty Duck

Discover more events from Feisty Duck, from Science & Tech to other experiences you might love.

More Science & Tech events

Browse more Science & Tech events with different dates, prices, and formats to find your next great experience.

Still looking for the right event?

Explore all events in Frankfurt/Main and filter by date, category, and more to find the perfect fit.