[Book Review] ModSecurity Handbook - 2nd Edition
- 2 minsThis blog post briefly reviews the ModSecurity Handbook - 2nd edition.
I have been working in the WAF industry for quite a long time. My main interest is WAF evasions, where I worked on the popular “Evading All WAF XSS Filters” research. In 2015, the research results showed that ModSecurity (with CRS) is the most difficult to evade, according to my testing.
After I finished my research, I became interested in ModSecurity and the OWASP Core Rule Set.
The problem I faced while working with ModSecurity is that most online resources need to be updated and fulfill my requirements at work. My alternative was the handbook’s first release, released in 2012. The book is a good learning resource, but ModSecurity has faced significant changes. I needed a more updated resource.
In December 2016, Dr. Christian Folini announced the finishing of the second release of the ModSecurity handbook. I was excited to get my copy, as OWASP CRS 3.0 was released two months before. The book is updated with up-to-date resources and covers the OWASP CRS 3.0, which is excellent.
The first chapter discusses beginner topics regarding WAFs and ModSecurity. Then, it dives into configuring ModSecurity on different web servers. After that, it discusses customizing logs to fit the administrator’s requirements.
The book starts with my favorite chapters, writing your own custom rules. It’s discussed extensively and is the most thorough documented rules writing guidance for ModSecurity.
It’s great to write your own WAF rules for ModSecurity. The CRS is quite generic to typical attacks, but any defender needs to write rules specific to exploit. The chapter discusses writing WAF rules extensively. You can write your WAF rules by having typical knowledge of regular expressions and reading this chapter.
The book also discusses the performance part of ModSecurity and how to tweak ModSecurity to perform better with available resources.
The ModSecurity handbook is a must-read book for any defender and anyone working on the technical side of the WAF industry. ModSecurity generally performs core tasks and requires good knowledge of configuration and administration. Working with ModSecurity would allow you to work with other WAFs more easily.
Amazon Link: https://www.amazon.com/ModSecurity-Handbook-Second-Christian-Folini/dp/1907117075
FeistyDuck Link: https://www.feistyduck.com/books/modsecurity-handbook/