Register For ApacheCon

ApacheCon is a week of open source goodness straight from the source of the Apache Software Foundation, featuring 15 intense training classes over two days followed by three days of more than 50 sessions by the creators of open source software such as the Apache webserver, Tomcat, Lucene, Wicket and more.

Sponsors

Media Partners

Media Partner




Support ApacheCon

Support ApacheCon by displaying a banner on your website.

Support ApacheCon!

Have a Question?

Questions about the program? Interested in becoming a sponsor? Please contact the event planners if you have any questions. We look forward to seeing you in Amsterdam!

ApacheCon Session

Web Intrusion Detection with ModSecurity

3915-full
Intrusion detection is a well-known network security technique -- it introduces monitoring and correlation devices to networks, enabling administrators to monitor events and detect attacks and anomalies in real-time. Web intrusion detection does the same but it works on the HTTP level, making it suitable to deal with security issues in web applications. This session will start with an overview of web intrusion detection and web application firewalls, discussing where they belong in the overall protection strategy. The second part of the talk will discuss ModSecurity and its capabilities. ModSecurity is an open source web application firewall that can be deployed either embedded (in the Apache HTTP server) or as a network gateway (as part of a reverse proxy deployment). Now in it's fifth year of development, ModSecurity is mature, robust and flexible. Due to its popularity and wide usage it is now positioned as a de-facto standard in the web intrusion detection space.