What is ModSecurity / CRS and why do you need it?

Worried about the security of your or your customers web applications and services? Anxious about vulnerabilities like log4shell? ModSecurity and the OWASP Core Rule Set (CRS) can help you out! ModSecurity/CRS is an industry-standard, open source web application firewall (WAF) that sits in front web applications and protects them against a broad range of security risks such as those described by the OWASP Top 10. With its flexibility and powerful rule based engine it can be an additional securiy layer in any hosting setup.

Besides protecting against known attack vectors it is also possible to deploy virtual patches rapidly if new vulnerabilities like log4shell emerge. This buys you or your customers valuable time to patch the affected systems.

Who is the teacher and what topics will be covered?

Your teacher Dr. Christian Folini is the co-lead of the OWASP CRS project and he has over 15 years of practical experience with ModSecurity. He is one of the best ModSecurity experts on a global scale and has been teaching ModSecurity for more than ten years.

The course will feature the following areas:

• Setup and installation of ModSecurity in heterogeneous and
  complex environments
• Writing simple deny-rules and working with allow-rules
• Installation and configuration of CRS
• Essential CRS concepts and how to work with them
• Tuning of false positives, use of available free utilities

And the best part: You get to discuss all your questions with the expert and the fellow students!

This course is a collaboration with SWITCH and it will be hosted on premise at SWITCH in Zurich.