Re: [mod-security-users] ModSecurity Training at Blackhat USA 2009

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Hey Ryan,

Thank you for sharing your course program with us.

This looks like an interesting course to me. Especially the emphasize on
Stephen's work regarding Webgoat is very interesting.
(for those who did not notice, it has appeared in print:
http://www.lulu.com/content/paperback-book/securing-webgoat-using-modsecurity/5082126)

What I miss is a detailed discussion of the audit-log format. Maybe
together with a closer look at the console or Christian Bockermann's
audit-viewer. (-> www.jwall.org<http://www.jwall.org>)

I wish I could participate at your teaching, but US Blackhat is a bit too far
for me.

Regs,

Christian

--
Christian Folini, IT 222
Webserver Security Engineer

________________________________
Von: Ryan Barnett [mailto:Rya...@br...]
Gesendet: Mittwoch, 3. Juni 2009 22:13
An: mod...@li...
Betreff: [mod-security-users] ModSecurity Training at Blackhat USA 2009

I wanted to send another note to the list to remind everyone that I will be teaching the ModSecurity training class at the upcoming Blackhat USA 2009 conference in Las Vegas, NV (http://blog.modsecurity.org/2009/05/modsecurity-training-at-blackhat-usa-2009.html).  Here is a breakdown of the basic course outline -

Course Syllabus (detailed) -

Day 1: ModSecurity Overview and Rules Writing Workshop
*         Introduction to Web Application Firewalls
*         ModSecurity 2.5 Overview
*         ModSecurity Rules Language Primer
o    Request Phases
o    Variables
o    Transformation Functions
o    Chain for Complex Rules
o    Persistent Collections
o    Anomaly Scoring
o    Debug Log
*         Core Rule Set Overview (version 1.7.0)
*         Handling False Positives and Creating Exceptions

Day 2: Web Application Protection Lab
*         Virtual Patching Overview
*         Virtual Patching Lab: Securing Webgoat with ModSecurity

Hands on Exercises

Hands-on labs will include installation and use of the ModSecurity and the OWASP Core Rule Set (CRS) on day 1, and a unique challenge on day 2 where the participants will have to use ModSecurity to try and mitigate as many vulnerabilities as possible in the OWASP Webgoat application.

An important note with the regards to the Core Rule Set overview - notice the version number 1.7.0.  We are currently putting the finishing touches on an extensive CRS update and we will be reviewing the new rule set structure during the class.  I also wanted to ask the community for some feedback to help decide what topics we should cover during the training.  Please let me know the following -

1)      If there are any specific topics that are missing and you feel should be covered, and

2)      If you are planning to attend the training.

Obviously, we will give greater consideration to those individuals who are planning to attend so that we can tailor the class accordingly.

Thanks,

Ryan