Loading Events

« All Events

Introduction to ModSecurity / the OWASP Core Rule Set

June 23, 2019 @ 9:00 am 5:00 pm


This is the essential course on ModSecurity and the OWASP Core Rule Set (CRS). There are more than ten years of experience with practical ModSecurity in high security setting in this course. The teacher is one of the co-leads of the CRS project, author of the 2nd ed. of the ModSecurity Handbook and the best known instructor on the subject.

Intended Audience

This course is aiming at security engineers, SecDevOps people and those interested in web application firewalls.


  • 2-4 years of experience in the Linux shell.
  • Docker running on notebook, or remote access to a server with docker.

Training Outline/Syllabus

This single day course covers basic rule writing with ModSecurity in black listing and white listing mode. It will explain how to run CRS successfully and cover the tuning of false positives in an exercise with real traffic.

  • ModSecurity base configuration
  • ModSecurity Blacklisting (negative security model)
  • ModSecurity Whitelisting (positive security model)
  • Extracting and consolidating ModSecurity Alert messages from the logs
  • Introduction to the Core Rule Set (Scoring and Paranoia Levels)
  • Tuning the Core Rule Set
  • Identify false positives
  • Tune away the false positives
  • Calculated approach to setting the scoring limits and paranoia level

Trainer Bio

Christian Folini is a security engineer and open source enthusiast. He holds a PhD in medieval history and enjoys defending castles across Europe.
Unfortunately, defending medieval castles is not a big business anymore and so, he turned to defending web servers, which he finds equally challenging. He brings more than ten years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling.

Christian Folini is the author of the second edition of the ModSecurity
Handbook and the best known teacher on the subject. He co-leads the OWASP ModSecurity Core Rule Set project and serves as the program chair of the “Swiss Cyber Storm” conference.  He is a frequent speaker at conferences, where he tries to use his background in the humanities to explain hardcore technical topics to audiences of different backgrounds.


June 23
9:00 am – 5:00 pm


Christian Folini

Naftali Building – Faculty of Social Sciences

Tel Aviv University
Tel Aviv, Israel
+ Google Map

Training Terms & Conditions

  • Training requires a minimum of 10 participants and no more than 25 per classroom.
  • Training session confirmation will be sent June 1st 2019.
  • Cancellation and refunds will not be available once session has been confirmed.
  • Questions? [email protected]
  • Full terms can be found at https://bsidestlv.com/trainingterms/