Great talks at OWASP AppSec Europe 2008 in Belgium
Judging from the list of talks alone, it looks like OWASP AppSec Europe in Belgium is going to be a great conference, especially if you are interested in web application firewalls and ModSecurity:
- I will be giving a talk on web application firewall evaluation (Evaluation Criteria for Web Application Firewalls), which will be based on the Web Application Firewall Evaluation Criteria (WAFEC) project.
- Christian Folini will be discussing the REMO project (Positive ModSecurity rulesets / Input validation).
- Alexander Meisel will be talking about how to best use a web application firewall (Best Practices Guide: Web Application Firewalls), which is based on the document of the same name (available in German, as PDF).
- Mario Heiderich will be promoting the PHPIDS project (PHPIDS Monitoring attack surface activity).
Ofer Shezaf, the Core Rules guru, and Ryan Barnett, the ModSecurity Community Manager will be there (Ofer will be giving his talk about web hacking trends: Trends in Web Hacking Incidents: What's Hot in 2008), as will be Christian Bockermann (it is rumoured), who has been working on some very interesting software related to ModSecurity.
Finally, Ryan is going to be teaching a two-day ModSecurity training course, which will cover a lot of ground, starting from the basics and into the advanced stuff. This is a great-value course, and I urge you to register if you are a ModSecurity user. You will not only find out about stuff you never knew existed in ModSecurity, but we will also give a thorough overview of various web application security issues.
In the recent survey, many people expressed a desire to meet with other ModSecurity users. Our community is large, but it's very diverse and spread geographically, and probably not yet large enough for regular local meetings. It strikes me that OWASP conferences may be a great opportunity for us to meet twice a year—once in Europe, and then the second time in the US. If you will be coming to the conference in Belgium and you are a ModSecurity user, please send me an email. With enough people interested, we may be able to organise a meeting.