Submitted by Ryan Barnett 03/09/2010
Just wanted to let everyone know that if you are headed to Blackhat USA 2010 this summer in Las Vegas, we have just added a 1-day workshop on the day before the Briefings start -
In the workshop, we will be mainly discussing the "Virtual Patching" concept of using a WAF (ModSecurity in this case) and we will use the OWASP WebGoat app as the target. In the workshop, we will talk virtual patching theory and then have hands-on labs where we will show how to use Mod to virtually patch the various WebGoat lessons. As a side note - we will also have a section on the new CRS v2.0 when discussing negative security models. So, if you want to come and dive into the deep-end of the pool and have fun using some of ModSecurity's advanced features (such as Lua and Content Injection) then sign-up now!
Brian Rectanus and I hope to see you all in Vegas!!! :)