SecAppDev 2024 Faculty
Christian Folini
Project Co-Lead, OWASP CRS, OWASP ModSecurity
Dr. Christian Folini is a Swiss security engineer and open source enthusiast. He brings 15 years of experience with ModSecurity configuration in high security environments, DDoS defense and threat modeling. Christian Folini is the author of the 2nd edition of the ModSecurity Handbook and the best-known teacher on the subject. He co-leads the OWASP ModSecurity and the OWASP CRS projects and serves as the program chair of the “Swiss Cyber Storm” conference.
An open source WAF in a high security setting
Introductory lecture by Christian Folini in room West Wing
Wednesday June 5th, 09:00 - 10:30
Introduction to WAFs, a highly commercial market with a dominant open source offering, crazy incentives of WAF vendors, the history of online voting in Switzerland, the 2019 disaster and ray of hope cast by the WAF.
Key takeaway: Basic understanding of web application firewalls, their use cases and their limits.
WAF Whirlwind Tour - A one day introduction to OWASP ModSecurity and OWASP CRS
One-day workshop by Christian Folini in room Lemaire
Thursday June 6th, 09:00 - 17:30
The OWASP ModSecurity WAF engine and its rule set counterpart, OWASP CRS, are the dominant team in the WAF world. Most commercial products are based on CRS and very often also on ModSecurity. The key characteristics are the high detection rate and the transparency of the rule set. The generic nature of the rule set also comes with a painful downside: false positives.
In this one-day workshop, we will look into the configuration of the WAF, we will write a few rules and, above all, we will fight false positives. The workshop is all you need to understand the basics and to get you started with a WAF.
Learning goal: This workshop aims to equip participants with the skills to perform basic WAF configuration, write and read simple ModSecurity rules, and handle false positives.