I have already received some direct emails with questions about the class, so I thought that I would reply to the list.
One question was – who is the target audience for this class? New users, intermediate or advanced?
Our goal is to have something for everyone. If you are a new user, then this will get you up to speed quickly with the basics of Mod, the Core Rules, etc... If you are an intermediate user, we will have some good topic coverage for common "gotchas" with rule writing and log analysis tips and tricks. And for advanced users, we have some sections dealing with the more complex and newer Mod 2.5 features (persistent collections with custom variables for identify brute force attacks, etc...).
The culmination on the afternoon of day 2 is an open "Virtual Patching" lab where we will front-end the OWASP WebGoat application and then try and use ModSecurity to address each vulnerability in the individual labs. This will be truly challenging for all participants as there are some labs that are pretty straight forward rules to prevent injection types of vulns. There are others, however, that are much more challenging to address “externally” with a WAF – so the advanced folks can try out their Mod Rules King-Fu!!!
I hope this info helps.