Black Hat USA 2008 Training
Caesars Palace Las Vegas • August 2-3, August 4-5
ModSecurity Bootcamp: Blackhat Edition
Ryan Barnett, Breach Security
Overview
ModSecurity is currently the most widely deployed web application firewall (WAF) product. This two-day, advanced boot-camp class is designed for those people who want to quickly learn how to build, deploy, and use ModSecurity in the most effective manner possible. The course will cover topics such as: the open source ModSecurity Console, which helps manage alerts on suspicious web activity targeting your web servers, and also provides an in-depth look at the extremely powerful ModSecurity 2.5 Rules Language. Learning how to take advantage of the power behind ModSecurity rules can help web security professionals write and configure highly effective rules to handle complex web vulnerabilities. Hands-on labs with fully documented instructions help students deploy solid, secure ModSecurity installations and understand the inner workings of the premier open source web application firewall available today.
Duration
2 days
Who Should Attend
This course assumes that students have a technical understanding of the HTTP protocol and a general understanding client server communications and network architecture. Proficiency with Linux and UNIX text editing tools (vi editor) is suggested, not required. Also, in order to gain the most value from day 2 of the course, students should be familiar with Perl Compatible Regular Expressions (PCRE).
Prerequisites
Students should have a basic understanding of TCP/IP networks and some familiarity with Windows and UNIX systems. Familiarity with computer security terminology and concepts is helpful.
Syllabus
Day 1:ModSecurity Overview and Rules Writing Workshop
- Introduction to Web Application Firewalls
- ModSecurity 2.5 Overview
- ModSecurity Rules Language Primer
- Request Phases
- Variables
- Transformation Functions
- Chain for Complex Rules
- Persistent Collections
- Anomaly Scoring
- Debug Log
- Core Rule Set Overview
- Handling False Positives and Creating Exceptions
- Rule Writing Tips
- Cool Rules
- ModSecurity console deployment and usage
Web Application Protection Lab
- Introduction to the WASC Threat Classification and the OWASP Top Ten
- Virtual Patching Overview
- Virtual Patching Lab
Trainer:
Ryan C. Barnett is a recognized security thought leader and evangelist who frequently speaks with the media and industry groups and presents at security conferences.
He is the director of application security at Breach Security. He is also a faculty member for the SANS Institute, where his duties include instructor/courseware developer for Apache Security/Building a Web Application Firewall Workshop, Top 20 Vulnerabilities Team Member and Local Mentor for the SANS Track 4, "Hacker Techniques, Exploits and Incident Handling" course. He holds six SANS Global Information Assurance Certifications (GIAC): Intrusion Analyst (GCIA), Systems and Network Auditor (GSNA), Forensic Analyst (GCFA), Incident Handler (GCIH), Unix Security Administrator (GCUX) and Security Essentials (GSEC).
Mr. Barnett also serves as the team lead for the Center for Internet Security Apache Benchmark Project and is a member of the Web Application Security Consortium. His web security book, "Preventing Web Attacks with Apache,” was published by Addison/Wesley in 2006.
|
Early:
Ends May 1 |
Regular: |
Late: |
Onsite: August 1 |
|
USD 1800 |
USD 2000 |
USD 2200 |
USD 2500 |