ModSecurity Breach

Training

Training courses and certifications described will be available
in the second half of 2007.

ModSecurity: Deployment and Management

Overview

This two-day class is for those people who want to learn how to build and deploy a ModSecurity Web Application Firewall. We will also cover the open source ModSecurity Console, which helps manage alerts on suspicious web activity targeting your web servers. Hands-on labs with fully documented instructions help students deploy solid, secure ModSecurity installations and understand the inner workings of the premier open source web application firewall available today.

Target Audience:

  • Web Server Administrators
  • Web security administrators
  • Security consultants and others that are responsible for deploying open source web application firewalls in their organizations.

Prerequisites: This course assumes that students have a technical understanding of the HTTP protocol and a general understanding client server communications and network architecture. Proficiency with Linux and UNIX text editing tools (vi editor) is suggested, not required.

Course Outline

  1. Introduction to Web Application Firewalls
  2. Overview of the Web Application Firewall Evaluation Criteria
  3. Introduction to ModSecurity
  4. ModSecurity architecture
  5. ModSecurity deployment options
  6. ModSecurity installation
  7. ModSecurity configuration and operation
  8. ModSecurity directives and features overview
  9. ModSecurity rules primer
  10. ModSecurity tuning
  11. ModSecurity console deployment and usage

ModSecurity: Rules Writing Workshop

Overview

This two-day class provides an in-depth look at ModSecurity rules and ModSecurity rules language syntax. ModSecurity is currently the most widely used open source web application firewall product. Learning how to take advantage of the power behind ModSecurity rules can help web security administrators write and configure highly effective rules. This class features extensive hands-on rules development and testing to reinforce the theoretical concepts that are presented.

Target Audience:

  1. Web Server Administrators
  2. Web security administrators
  3. Security consultants and others that are responsible for deploying open source web application firewalls in their organizations.

Prerequisites: In order to gain the most value from the course, students should be familiar with Perl Compatible Regular Expressions (PCRE). This course assumes that students have a technical understanding of the HTTP protocol. Proficiency with Linux and UNIX text editing tools (vi editor) is suggested, not required.

Course Outline

  1. Introduction to ModSecurity’s Rule Language
  2. Anatomy of a ModSecurity rule
  3. Overview of PCRE
  4. Variables
  5. Transformation functions
  6. Actions
  7. Using advanced rule syntax with the “chain” action
  8. Overview of the Core Rule set
  9. Creating custom rules
  10. Virtual Patching
  11. Using initcol and setsid for stateful rules
  12. Good rule writing practices
  13. Testing rules
  14. Tuning rules
  15. Rule Debugging
  16. Rule management

ModSecurity Certification

This ModSecurity certification is centered on ModSecurity, the industry leading open source web application firewall. Candidates are assessed on a wide range of criteria that encompasses all the necessary open source components and technical skills for successful implementation and management of ModSecurity. Certified professionals stand out in the industry through the recognition of their expertise in the following areas:

  1. ModSecurity/Web Application Firewall Technology Theory
  2. Installation and Deployment
  3. ModSecurity Configuration and Usage
  4. ModSecurity Tuning Techniques
  5. ModSecurity Rules Language and Syntax
  6. Advanced Rule Options and Usage
  7. Effective and Performance Oriented Rule Writing
  8. Rule Set Management and Maintenance
  9. Effective use of the ModSecurity Console
  10. Implementation of Supporting Tools and Applications

Thi exam consists of 200 random questions with a time limit of 4 hours. Upon completion, students will immediately receive a score with a pass or fail grade. After successful completion of the exam, certificates are available when a score of 75% or better is achieved on the exam.

Previous Training Webcasts

Click here to register and view archived ModSecurity training webcasts. If you are already registered with the Breach Security Network, click here to login.
  • ModSecurity v2.0 Webcast Thursday, Jan 10th 2007
  • ModSecurity v2.0 Webcast Thursday, Dec 14th 2006