Modsecurity

Duration: 4 Tage | Price Inhouse (without VAT): 8.490 € | Price Public (without VAT): 1.980 €

Scheduled Events

06.05.2024 - 08.05.2024
09.09.2024 - 11.09.2024

→ Request now

Description

Firewalls usually only allow an attacker to access the websites of a company. Therefore Web applications have become the main target of hackers. Most of today’s web applications are complicated Applications that generate content from databases. Incorrect programming often results in Vulnerabilities that allow an attacker to access, modify, or even manipulate arbitrary data. Delete Other programming errors allow the attacker to display fake websites, Determine logon information of real users or get command line access on the web server. This course shows the Admin how to use the OpenSource Web-Application-Firewall Modsecurity to build his web applications in Apache. Web server protects, modsecurity optimally adapts and monitors.

Prerequisites: Knowledge of Apache web server administration (course) Knowledge of attacks on web applications (course)

Contents

  • Installation and basic configuration of Modsecurity
  • Adaptation to your own web application
  • Prevention of false-positive messages
  • Adaptation of the supplied rules
  • Create your own rules
  • Use of the Modprofiler for automatic creation of rules
  • Advanced rules with Lua scripts
  • Monitoring the user session
  • Connection to the Modsecurity console with mlogc
  • Use in reverse proxy for the protection of alternative web servers

Request/Booking

If the participant differs: