Web Application Firewalls

Learn about the different types of WAF configurations, as well as the OWASP CRS and its capabilities.

6 videos  //  118 minutes of training

Course description

This course covers the different types of configurations of a WAF and how to maintain an efficient WAF configuration. You’ll explore the components of the ModSecurity rules and the protections against the different types of attacks available from the OWASP core ruleset. You’ll also learn the capabilities and limitations of virtual patching using a WAF.

Course syllabus

Web Application Firewalls for Compliance (Duration: 11:50)

Basic web application firewall benefits.

Web Application Firewalls for Security (Duration: 24:43)

Considerations for implementing a web application firewall.

Web Application Firewalls False Positives (Duration: 8:10)

False positives, false negatives and associated problems.

ModSecurity and OWASP CRS (Duration: 22:15)

Introduction to ModSecurity and the attacks prevented by the OWASP Core Rule Set.

ModSecurity Rules (Duration: 42:45)

Understanding the ModSecurity rules.

Virtual Patching (Duration: 8:46)

Virtual patching and its benefits.

Meet the author

Manuel Leos Rivas

Manuel earned a bachelor’s degree in Business Administration and Computer Systems Engineering at the Universidad Autonoma de Nuevo Leon in Mexico and a Master of Sciences in Information Security Engineering with a focus on Incident Response at the SANS Technology Institute. He holds around 40 cybersecurity-related certifications.

He started working full-time in the information security field in early 2000. Since 2012, Manuel has worked as a security expert, including supporting over a thousand WAFs to protect a variety of web applications. Starting in 2016, Manuel committed part of his personal time to improving the OWASP ModSecurity Core Rule Set, becoming an active rule developer. Since then, he has contributed numerous new rules, fixed false positives and false negatives, and assisted with many other improvements.

Plans & pricing

Infosec Skills Personal

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Award-winning training that you can trust

IDC MarketScape Leader: U.S. IT Training

Infosec Skills

eLearning Content

Infosec Skills

Best Product - Cybersecurity Training for Infosec Professionals

Infosec Skills

Security Education & Platform

Infosec Skills

Ranked #52 in Top 100 Global Software Sellers

Infosec