Hands-On ModSecurity and Logging
This talk combines two of the OWASP top ten security risks: * Injections (A1:2017): We are using a simple application that is exploitable by an injection and will then secure it with ModSecurity. * Insufficient Logging & Monitoring (A10:2017): We are logging and monitoring the application both with and without ModSecurity with the open source Elastic Stack. To make it more interactive the audience has to do the injections, which we are then live monitoring and mitigating with ModSecurity.
Philipp lives to demo interesting technology. Having worked as a web, infrastructure, and database engineer for over ten years, Philipp is now working as a developer advocate at Elastic — the company behind the Elastic Stack consisting of Elasticsearch, Kibana, Beats, and Logstash. Based in Vienna, Austria, he is constantly traveling Europe and beyond to speak and discuss open source software, search, databases, infrastructure, and security.