[TriLUG-announce] October 14 meeting: ModSecurity

[Justis Peters]

Title: Introduction to ModSecurity, the Open Source Web Application Firewall
Time & Place: October 14, 2010, 7pm, at Red Hat HQ
Presenter: Cristóbal Palmer
Official meeting announcement: http://trilug.org/ModSecurity-2010-10-14

About this talk:

So your web server listens on port 80 and your firewall blocks most 
everything else. Secure, right? How about that port 80? Do you trust 
your application code? Is your server patched? Are your developers 
really more clever than the folks who want to break in? Is security even 
on the mind of your developers?

Our traditional firewalls (packet filters) may have narrowed the field 
to HTTP, but crackers and worms have responded by refocusing their 
efforts directly at HTTP. Worse yet, most packet filters think all HTTP 
requests look legitimate. What's your next line of defense?

This presentation introduces ModSecurity, a web application firewall 
(WAF). ModSecurity is open source, mature, stable, flexible, and updated 
frequently. It can run embedded in Apache or as a reverse proxy in front 
of any traditional web server. It is highly discriminating and it 
definitely understands HTTP at a deeper level than your packet filter.

Come learn how to get started with ModSecurity. You'll be glad that you did.

About the presenter:

Cristóbal Palmer, a long-time member of the TriLUG Steering Committee, 
just finished his MSIS at UNC Chapel Hill, where he is a Systems 
Administrator with ibiblio.org. He also works with Caktus Consulting 
Group, a local django development shop.