Hands-On ModSecurity and Logging

A presentation at DevOpsFest in Kyiv, Ukraine, 02000 by Philipp Krenn

This talk combines two of the OWASP top ten security risks:

  • Injections (A1:2017): We are using a simple application that is exploitable by an injection and will then secure it with ModSecurity.
  • Insufficient Logging & Monitoring (A10:2017): We are logging and monitoring the application both with and without ModSecurity with the open source Elastic Stack.

To make it more interactive, the audience performs the injections, which we then monitor live and mitigate with ModSecurity.
