For those of you who are looking for some hands-on ModSecurity training this Fall, I will be running a 2-day class at the upcoming OWASP AppSecUSA conf.

The training is based on my book and will provide hands-on Labs using the OWASP Broken Web Application (BWA) VM.

If you are interested in the following topics, you should consider signing up!
  • Effectively using the OWASP ModSecurity CRS
  • Using Bayesian Detection
  • Virtual Patching
  • Setting HoneyTraps
  • Spoofing Successful Exploits
  • Leveraging 3rd Party IP Reputation
  • Identifying Session Hijacking Attacks
  • XSS Mitigation with JS Sandboxes
By the way, there may be an opportunity to put these new skills to the test by joining in on the OWASP Capture the Flag (CTF) competition. Still working on details.

Hope to see you there.

Ryan Barnett
Trustwave SpiderLabs
ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader
