Tactical Defense

Overview

Ever wanted to create a WAF bypass exploit to compromise a web application? Do you want to detect attacks in real-time rather than finding a backdoor after you have been compromised? Do you want to protect your own web applications from Advanced Persistent Threats (APT)? This course will teach you how to achieve all of these goals.

News of web application hacks are reported on a daily basis. This is because developers often do not have the time or skills to focus on security, which is why WAFs offer an important added layer of protection. ModSecurity is an extremely popular open source web application firewall toolkit that can be used to help protect apps against known and 0-day vulnerabilities alike.

Based on the ModSecurity Handbook, this two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful rules language, extending functionality via the embedded Lua engine, and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy it securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities.

Who should attend

• Penetration Testers, Security Officers, Security Auditors, System and Network Administrators, Analysts, Security Consultants and anyone else who wants to hone their web app defense skills.
• Anyone who is interested in web application security is a prime candidate for this course. Students will be taught from scratch everything they need to know to complete this course successfully and walk away with a thorough knowledge and practical skills on how to master ModSecurity.

Prerequisites

• Ability to work your way around Linux, e.g. the basic command line navigation.
• Ability to use a Linux text editor, such as vi, pico, joe, etc.
• Understand how to run a shell script.

What to bring

• Laptop capable of a 64-bit VMWare image.
• A VMWare product installed. Other virtualization technologies such as Virtualbox are NOT supported by the instructor. The instructor tested the VMs with VMware Player (free) and VMware Workstation (not free).
• An Ethernet connection.
• MINIMUM 1GB RAM required.
• 10 GB free Hard disk space
• USB 2.0 port to copy lab VMs

Trainer

Josh Amishav-Zlatin is the Director of Research and Development at Pure Hacking where he focuses on web application defensive research and develops customized ModSecurity rulesets to help customers reduce risk associated with their web applications. Before licensing changes, he was among the top three third-party plugin developers for Nessus and is among the top ten data manglers in the OSVDB project. Josh specializes in web application penetration testing, FOSS based security solutions and is currently involved with the OWASP Core Rule Set, AuditConsole and WASC Threat Classification projects. He is a very active member of the ModSecurity community and frequently speaks on innovative web application firewall solutions.

Josh has over 10 years of experience in the IT security industry, working with both financial and government clients to help secure their critical applications. He has run numerous training courses for clients around the world. These courses include web application penetration testing, infrastructure penetration testing and security testing automation. These have been run both face-to-face and online.