Defensive Tools Workshop

Thursday, October 18, 2012

1:00 pm EST/10:00 am PST • FREE

60 minutes, including Q&A

Defending Against Advanced Targeted Attacks by Dirk Beste

We all know playing defense is hard. With offense, you only have to be right once to claim victory. Wouldn't it be great if the same rules applied to defense? If victory was as simple as stopping just 1 out of 100 daily attacks on your network, we'd all be going home early.

But that's not how it works.


Defense needs all the help it can get. And one of the best defensive tools in our Arsenal is the open-source WAF ModSecurity. Now, with ports to IIS7 and Niginx, ModSecurity is useable on 86% of the world's web servers.  SOURCE: Netcraft.com 


If your organization has a web server that needs defending, this webcast is for you.  Please join Black Hat in October for the following presentation:

Title: ModSecurity Quick-Start Overview


What is your organization's "Time-to-Fix" for vulnerabilities identified in your live web applications? How quickly can you respond to new attacks launched against your site? ModSecurity (www.modsecurity.org) is a hugely popular, cross-platform, open source web application firewall (WAF) toolkit that helps organizations to defend their live web applications. This webcast will provide a crash course showing how to quickly installing ModSecurity, utilize open source and commercial rule sets and highlight many of its cutting-edge capabilities.


Ryan C. Barnett is renowned in the web application security industry for his unique expertise. After a decade of experience defending government and commercial websites, Ryan joined Trustwave SpiderLabs Research Team. He specializes in application defense research and leads the open source ModSecurity web application firewall project.

In addition to his commercial work at Trustwave, Ryan is also an active contributor to many community-based security projects. He serves as the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set project leader and contributor on the OWASP Top Ten and AppSensor projects. He is a Web Application Security Consortium Board Member and leads the Web Hacking Incident Database and the Distributed Web Honeypot projects. At the SANS Institute, he is a certified instructor and contributor on the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors projects.

Ryan is regularly consulted by news outlets who are seeking his insights and analysis on emerging web application attacks, trends and defensive techniques. Ryan is a frequent speaker and trainer at key industry events including Blackhat, SANS AppSec Summit and OWASP AppSecUSA.

Ryan has authored two web security books with titles such as: "Preventing Web Attacks with Apache" from Pearson Publishing and the forthcoming "Web Application Defender's Cookbook: Battling Hackers and Protecting Users" from Wiley Brothers Publishing.

Brought to you by:


Sustaining Partners