This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Learn More about the Tactical Defense With Mod Security Class

Jump to: navigation, search

Abstract: While application flaws should ideally be fixed in the source code, this is often not a feasible task for various reasons. Web application firewalls are often deployed as an additional layer of security that can monitor, detect and prevent attacks before they reach the web application. ModSecurity, an extremely popular open source web application firewall, is often used to help protect web applications against known and unknown vulnerabilities alike.

This two-day boot-camp training is designed for people who want to quickly learn how to configure and deploy ModSecurity in the most effective manner possible. The course will cover topics such as the powerful ModSecurity rules language, extending functionality via the embedded Lua engine and managing suspicious events via AuditConsole. Documented hands-on labs help students understand the inner workings of ModSecurity and how to deploy ModSecurity securely. By leveraging the flexibility within ModSecurity, attendees will be able to write effective rules to mitigate complex web vulnerabilities. The bootcamp will cover the following topics:

  • Introduction to Modsecurity
  • Deployment Options
  • Minimizing Deployment Issues
  • ModSecurity Installation
  • Apache Processing Phases
  • ModSecurity Rules Language Primer

o Variables

o Transformation Functions

o Chain for Complex Rules

o Persistent Collections

o Anomaly Scoring

o Debug Log

  • AuditConsole Installation, Configuration and Usage
  • OWASP Core Rule Set Overview
  • Lua – Extending the Rules
  • Handling False Positives and Creating Exceptions
  • Rule Writing Tips
  • Cool Rules for Complex Problems
  • Virtual Patching Overview
  • Virtual Patching Labs

Trainer Bio: Josh Amishav-Zlatin is the Director of Research and Development at Pure Hacking and has performed hundreds of penetration tests for large Financial and Governmental institutions worldwide. Josh specializes in FOSS based security solutions and is involved with the OWASP Core Rule Set, OSVDB and WASC Threat Classification projects.