FYI – early bird discount rates end today. This workshop is going to be pretty hard core :) We are going to be using the OWASP Broken Web Applications VM - http://code.google.com/p/owaspbwa/wiki/ProjectSummary as it already has ModSecurity installed. It will give us a wide range of web apps/vulns to try and tackle. I also have a really cool integration between ModSecurity and Arachni (http://arachni-scanner.com/) that we will use.
Hope to see you at the workshop!

-Ryan

From: Ryan Barnett <rbarn...@trustwave.com>
Date: Thu, 19 Jan 2012 10:04:50 -0600
To: "mod-security-us...@lists.sourceforge.net" <mod-security-us...@lists.sourceforge.net>, "owasp-modsecurity-core-rule-set@lists.owasp.org" <owasp-modsecurity-core-rule-set@lists.owasp.org>
Subject: ModSecurity Virtual Patching Workshop/Training at OWASP AppSecDC 2012

OWASP has just announced that my 2-day ModSecurity Virtual Patching Workshop training class as part of AppSecDC 2012 is online - https://www.owasp.org/index.php/OWASP_AppSec_DC_2012/Training/Virtual_Patching_Workshop

In this training, we will walk through the theory of Virtual Patching – when, where and how to best use it. We will be working through the "Virtual Patching: Best Practices" document and even be updating it as we go with feedback. We will then have hands-on labs where our goal will be to virtually patch as many of the OWASP WebGoat vulnerabilities as possible. We will also cover topics such as automatic virtual patch creation from web app scanner output (with a lab).

Let me know if you have any questions or comments. I hope you will join me for this in-depth workshop!

--
Ryan Barnett
Senior Security Researcher
Trustwave - SpiderLabs
www.trustwave.com