SecAppDev 2024 Faculty
Christian Folini
Project Co-Lead, OWASP CRS, OWASP ModSecurity
Dr. Christian Folini is a Swiss security engineer and open source enthusiast. He brings 15 years of experience with ModSecurity configuration in high-security environments, DDoS defense and threat modeling. Christian Folini is the author of the 2nd edition of the ModSecurity Handbook and the best-known teacher on the subject. He co-leads the OWASP ModSecurity and the OWASP CRS projects and serves as the program chair of the “Swiss Cyber Storm” conference.
WAF Whirlwind Tour - A one day introduction to OWASP ModSecurity and OWASP CRS
One-day workshop by Christian Folini in room Lemaire
Thursday June 6th, 09:00 - 17:30
The OWASP ModSecurity WAF engine and its rule set counterpart, OWASP CRS, are the dominant team in the WAF world. Most commercial products are based on CRS and very often also on ModSecurity. Their key characteristics are the high detection rate and the transparency of the rule set. The generic nature of the rule set also comes with a painful downside: false positives.
In this one-day workshop, we will look into the configuration of the WAF, write a few rules and, in particular, fight false positives. The workshop is all you need to understand the basics and to get started with a WAF.
Learning goal: This workshop aims to equip participants with the skills to perform basic WAF configuration, write and read simple ModSecurity rules, and handle false positives.