Christian Folini
Welcome to my website. I am a Swiss security engineer and web application firewall expert working at netnea.com. I studied History and Computer Science and graduated with a PhD in Medieval History. I continue this interest with my commitment to the Company of St. George, a medieval reenactment group, that I directed for over ten years.
On this website, you will find links to my work in information technology and also texts and publications around history. Outside of that, there are also two or three interviews and portraits.
I am the author of the ModSecurity Handbook (2ed) and I co-lead the OWASP ModSecurity Core Rule Set (CRS) project that runs on millions of servers globally. Furthermore I serve as the program chair of the Swiss Cyber Storm conference.
People know me for my comprehensive set of 12 Tutorials about ModSecurity and the Core Rule Set. All released under Creative Commons license. I also teach ModSecurity and Core Rule Set courses and I consult companies who want to integrate ModSecurity and the Core Rule Set into their services or products, also in high security setups. If that is of interest to you, then please get in touch.
Lately, I’m running a blog about my work as election worker.
Security
2024
- List of Swiss cyber security organizations (17/September/2024)
- Article about the open source projects I am running in Inside-IT (German) (3/April/2024)
- Article about Ethical Hacking in Switzerland, in Inside-IT as co-author (20/March/2024)
- Article about E-Collecting in Switzerland, in Q / Schweizer Monat March 2024 (18/March/2024)
- Blog post about the OWASP CRS early blocking feature (27/February/2024)
- Slides of my OWASP NL presentation about the history and future of ModSecurity as an OWASP project (15/February/2024)
2023
- Interview about Supply Chain Security in Swiss IT magazine Netzwoche (German) (6/Dec/2023)
- Podcast reporting from the Swiss Cyber Storm conference for “Netzwoche”; Interview with me me in 2nd half (27/Oct/2023)
- Article in magazine Inside-IT about the grotesque security weaknesses of Swiss software company Xplain (13/July/2023)
- Article in Swiss IT Magazine about the history and status of EVoting in Switzerland (10/July/2023)
- Videocast discussion with Patrick Seemann about responsible disclosure in Switzerland for dnip.ch (starts at 3:45; German) (30/June/2023)
- Blog about my work as a Swiss election worker - part 5 (German) (23/June/2023)
- Portrait of mine covering everything I do from medieval history to E-Voting (German) (22/June/2023)
- Feature about E-Voting in the customers magazine of Swiss Post with a large statement of mine on page 8 (German) (22/June/2023)
- Blogpost covering the lessons learnt from the OWASP Core Rule Set bug bounty program (9/May/2023)
- Video of my Insomni’Hack 2023 Keynote about Incentives in IT Security. Lot’s of examples and a few conclusions (11/April/2023)
- Interview about E-Voting and Trust in Swiss online magazine Inside-IT (4/April/2023)
- Slides of my Insomni’Hack 2023 Keynote about Incentives in IT Security. Lot’s of examples and a few conclusions (23/March/2023)
- Blogpost with advice on the organization of a great security conference (20/March/2023)
- Webcast of the 401 Access Denied Podcast episode 75 with me talking about Security & Trust in Voting Systems (8/March/2023)
- Podcast : 401 Access Denied episode 75 with me talking about Security & Trust in Voting Systems (8/March/2023)
- Blogpost with an overview of the audience feedback for the Swiss Cyber Storm 2022 conference (23/January/2023)
2022
- Webcast #3 about CRS developer retreat, introducing CRS plugins and looking at some production logs and how to handle the false positives (9/December/2022)
- Podcast episode of weekly Swiss Insite-IT emission about public disclosure of security findings in Switzerland (9/December/2022)
- Guest piece about the shift of the Swiss NCSC under the roof of the miliary in Swiss online magazine Inside-IT (6/December/2022)
- Video of my Switch-Web-Security-Day presentation “Five Tricks to Ease the Introduction of ModSecurity and the OWASP Core Rule Set” (14/November/2022)
- Video of my OWASP AppSec EU presentation “What’s new in CRS 4” earlier this year (9/November/2022)
- Webcast #2 about GeoIP integration with ModSecurity and OWASP CRS, new releases and more false positive analysis (13/October/2022)
- Blogpost about the use of GeoIP information together with ModSecurity (12/October/2022)
- Podcast episode 201 of the “To the Point Cybersecurity” podcast with yours truely as a guest (4/October/2022)
- Webcast #1 about new ModSecurity releases 2.9.6 / 3.0.8, cunning body processor bypass and overview of logfile analysis (22/September/2022)
- Article in Swiss newspaper NZZ about dangers of E-Collecting (German) (2/September/2022)
- Podcast episode of InfoSecCampus with me talking about ModSecurity and the OWASP Core Rule Set (15/July/2022)
- Video of my First.org presentation “Never Walk Alone - Inspirations from a Growing OWASP project” (30/June/2022)
- Slides of my First.org presentation “Never Walk Alone - Inspirations from a Growing OWASP Project” (27/June/2022)
- Video of a NullCon Webinar introducing the “OWASP ModSecurity Core Rule Set” (10/June/2022)
- Slides of my “What’s new in CRS4?” talk at OWASP AppSec EU (9/June/2022)
- Video of my OWASP BeNeLux presentation about “Medieval Castles and Modern Servers” (29/May/2022)
- Blog about my work as a Swiss election worker - part 4 (German) (30/May/2022)
- Video of my Insomni’Hack presentation about the Adventurous Tale of E-Voting in Switzerland (25/March/2022)
- Slides of my Insomni’Hack 2022 presentation on the Adventurous Tale of Online Voting in Switzerland (25/March/2022)
- Blog about my work as a Swiss election worker - part 3 (German) (8/March/2022)
- Blog about the Early Blocking feature in CRS (2/March/2022)
- Video of my DigiGes presentation about the Adventurous Tale of E-Voting in Switzerland (German) (26/February/2022)
- Slides of my DigiGes Winterkonkgress 2022 presentation on E-Voting in Switzerland (26/February/2022)
- Blog about my work as a Swiss election worker - part 2 (German) (10/February/2022)
- Blog introducing the CRS Fake Bot plugin (9/February/2022)
- Blog about my work as a Swiss election worker - part 1 (German) (27/January/2022)
- Blog explaining CRS plugins (12/January/2022)
2021
- Blog explaining the situation with ModSecurity and introducing Coraza WAF as open source alternative (22/December/2021)
- Blog introducing the Coraza WAF on the OWASP blog (22/December/2021)
- Article in Swiss Newspaper NZZ quoting me extensively on the relationship between open source developers and commercial integrators (English version) (22/December/2021)
- Article in Swiss Newspaper NZZ quoting me extensively on the relationship between open source developers and commercial integrators (German version) (21/December/2021)
- Project calling for active attempts to bypass the CRS log4j / log4shell rules (16/December/2021)
- Live coverage of the log4j / log4shell vulnerability for the OWASP ModSecurity CRS project (13/December/2021)
- Webinar with a presentation about the role of Open Source for E-Voting systems (25/November/2021)
- Podcast of the Swiss Cyber Institute “Weekly Security Talks” episode 10 with me talking about online voting (16/November/2021)
- Interview with me about new procedures in CRS to avoid vulnerabilities in the rule set in “The Daily Swig”(5/November/2021)
- Blog covering the results of the Swiss Cyber Storm feedback survey (4/November/2021)
- Blog summing up the 2021 OWASP ModSecurity Core Rule Set developer retreat (1/November/2021)
- Blog post describing OWASP ModSecurity Core Rule Set Paranoia Levels in detail (28/October/2021)
- Article in Netzwoche about Swiss Cyber Storm conference 2021 with quotes by your’s truely (15/October/2021)
- Video of my #RomHack2021 talk “Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set”(25/September/2021)
- Slides of my #RomHack2021 talk “Securing Access to Internet Voting with the OWASP ModSecurity Core Rule Set”(25/September/2021)
- SCS in a Nutshell interview with startup founders Jean-Philippe Aumasson (Taurus) and Jonas Wagner (Threatray) (25/August/2021)
- Blogpost about the latest SCS in a Nutshell interview (25/August/2021)
- Blogpost covering CRS CVE-2021-35368, a request body bypass (30/June/2021)
- Interview with me in Security Expert Series of the Swiss Cyber Forum (9/June/2021)
- Podcast in the OWASP 20th anniversary series interviewing with me along with Simon Bennet from OWASP Zap and Steve Springett from OWASP Dependency Track (4/June/2021)
- Slides of my extensive introduction to ModSecurity and the OWASP Core Rule Set at the CISO Platform / SACON (2/Juni/2021)
- Article explaining how to tune false positives Kemp Loadmaster - for the Kemp Technologies blog (27/May/2021)
- Blogpost introducing the OWASP ModSecurity Core Rule Set Sampling Mode (25/May/2021)
- Blogpost with highlights and the full transcript of my SCS in a Nutshell interview with Myriam Dunn Cavelty and Thomas Süssli (25/May/2021)
- Article explaining how to deploy custom rules on the Kemp Loadmaster - for the Kemp Technologies blog (13/May/2021)
- SCS in a Nutshell with Myriam Dunn Cavelty and Thomas Süssli being interviewed by me (30/April/2021)
- Article explaining how to run OWASP CRS on the Kemp Loadmaster - for the Kemp Technologies blog (29/April/2021)
- Article introducing OWASP CRS on the Kemp Technologies blog (16/April/2021)
- Video of an extended and more technical edition of my “Adventurous Tale of Online Voting in Switzerland” talk for OWASP Belgium (19/March/2021)
- Blogpost with highlights and the full transcript of my SCS in a Nutshell interview with Tobias Ospelt and Raphaël Arrouas (15/May/2021)
- Blogpost announcing a partnership between NGINX and CRS (5/March/2021)
- Interview with me in the InfoSec and OSINT podcast of Josh Amishav-Zlatin (5/March/2021)
- Coverage of a ModSecurity 3 bypass with extensive quotes from me in Portswigger (4/March/2021)
- Blogpost about a ModSecurity 3 vulnerability that results in an complete WAF bypass (2/March/2021)
- Video of my Usenix Enigma 2021 talk “The Adventurous Tale of Online Voting in Switzerland” (1/March/2021)
- SCS in a Nutshell with Tobias Ospelt and Raphaël Arrouas being interviewed by me (28/Februar/2021)
- Slides of my Usenix Enigma 2021 talk “The Adventurous Tale of Online Voting in Switzerland” (1/February/2021)
- Blogpost about a regular expression tool for use with ModSecurity / CRS: “Introducing msc_retest” (6/January/2021)
2020
- Blogpost with highlights and the full transcript of my SCS in a Nutshell interview with Florian Schütz and Edouard Bugnion (25/November/2021)
- Podcast “Two Irish Guys Discussing Software” with me and Rowan O’Donoghue from Origina as guests (13/November/2020)
- Interview in Swiss magazine Netzwoche about E-Voting in Switzerland. (22/October/2020)
- SCS in a Nutshell with Swiss Mr. Cyber Florian Schütz and EPFL Vice-President Edouard Bugnion being interviewed by me. (13/October/2020)
- Blogpost on Legal Safe Harbors for bug bounty programs in Switzerland (6/October/2020)
- Webinar on Origina’s security offerings and the role that ModSecurity / CRS can play in it (29/September/2020)
- Article explaining the Legal Safe Harbor for bug bounty programs in Switzerland (Creative Commons release of wording) (22/September/2020)
- Security Advisory for CVE-2020-15598. ModSecurity affected by DoS (14/September/2020)
- Blogpost introducing a brief replacement online interview instead of the cancelled Swiss Cyber Storm conference (7/September/2020)
- Blogpost about msc_pyparser. A library to manipulate ModSecurity rules (1/September/2020)
- Slides of an extended ModSecurity / Core Rule Set presentation in an online meeting of OWASP Stammtisch Munich (21/July/2020)
- Blogpost describing a way to phase out legacy crypto ciphers while providing user-friendly error messages (20/February/2020)
- Blogpost describing a script to trigger an arbitrary CRS anomaly score (5/February/2020)
- Curated link list to live tweets of the Usenix Enigma 2020 conference (30/January/2020)
- Video of my AppSecCali presentation about ModSecurity / CRS in high security setups (also covers Swiss Post E-Voting system) (24/January/2020)
- CRS Project News for the month of January 2020 (14/January/2020)
- Blogpost about empty HTTP headers with libcurl / pycurl (13/January/2020)
2019
- Slides of a extended introduction to ModSecurity and CRS in front of the British ComputerSociety’s DevSecOps group (27/November/2019)
- Slides of a presentation about E-Voting in front of the alumnis of the CAS Data Privacy at ZHAW (14/November/2019)
- Article about ModSecurity and CRS in ITNow, the magazine of the British Computer Society (1/October/2019)
- Video of my presentation about ModSecurity / Core Rule Set at the OWASP AppSec Global conference in Amsterdam (26/September/2019)
- Blog Post about the second half of the Swiss Cyber Storm program of 2019 (13/September/2019)
- CRS Project News August 2019 A blog post for coreruleset.org (24/August/2019)
- Blog Post about the first half of the Swiss Cyber Storm program of 2019 (12/August/2019)
- Blog Post about the Swiss Cyber Storm motto of 2019: Embracing the Hackers (16/May/2019)
- CRS Project News May 2019 A blog post for coreruleset.org (1/May/2019)
- Response to the proposed new law about the political rights in Switzerland. I co-wrote this public statement with a security angle. (26/April/2019)
- Blogpost about Regular Expression Denial of Service weaknesses in the CRS project. (25/April/2019)
- Video of my keynote about Medieval Castles and Modern Servers at the Insomni’Hack conference 2019 (22/March/2019)
- Video of my presentation about E-Voting security in front of the Datenschutzforum Schweiz (14/March/2019)
- Slides of my keynote about Medieval Castles and Modern Servers at the Insomni’Hack conference 2019 (22/March/2019)
- Slides of my presentation about E-Voting with the Datenschutz-Forum Schweiz (14/March/2019)
- CRS Project News February 2019 A blog post for coreruleset.org (28/Febraury/2019)
- Guest article with arguments for E-Voting in Swiss newspaper Tagesanzeiger (25/February/2019)
- Video of my E-Voting presentation at the Switch Domainpulse conference (19/February/2019)
- Slides of my E-Voting presentation at the Switch Domainpulse conference (19/February/2019)
- Video Statement with key arguments in favor of E-Voting in Switzerland the the Switch Domainpulse conference (19/February/2019)
- CRS Project News January 2019 A blog post for coreruleset.org (24/January/2019)
- Interview in the Cyber Security Dispatch podcast touching on my career, E-Voting, OWASP and WAFs (3/January/2019)
2018
- Article on E-Voting Best Practices in hardcover book “Cybersecurity Best Practices”, together with Denis Mmaorel (2018)
- CRS Project News December 2018 A blog post for coreruleset.org (27/December/2018)
- Article on the blog of SATW about Trust at this year’s Swiss Cyber Storm conference (13/December/2018)
- Article in magazine SocietyByte about poor reporting on Swiss TV about an E-Voting security issue (20/November/2018)
- Blogpost on the technical background about bad reporting on Swiss TV (20/November/2018)
- CRS Project News November 2018 A blog post for coreruleset.org (14/November/2018)
- Video of my BlackAlps 2018 presentation about DDoS and an alternative defense method (8/November/2018)
- Slides of my BlackAlps 2018 presentation about DDoS and an alternative defense method (8/November/2018)
- Article in magazine Netzwoche about the Swiss Cyber Storm conference that I moderated (31/October/2018)
- Blogpost introducing SCS speaker Oliver Simonnet (18/Oct/2018)
- Blogpost introducing SCS speaker Nicolas Vernaz (11/Oct/2018)
- Blogpost introducing SCS speaker Robert Rogenmoser (10/Oct/2018)
- Blogpost at SATW, introducing the program of the upcoming Swiss Cyber Storm conference (8/Oct/2018)
- Interview with me about Trust in Swiss online magazine Influence (German) (28/Sep/2018)
- Blogpost introducing SCS speaker Ivan Ristić (27/Sep/2018)
- CRS Project News September 2018 A blogpost for coreruleset.org (27/Sep/2018)
- Blogpost introducing SCS speaker Moonbeom Park (25/Sep/2018)
- Blogpost introducing SCS speaker Katharine Jarmul (20/Sep/2018)/
- Blogpost introducing SCS speaker Nick Sullivan (11/Sep/2018)
- Blogpost introducing SCS speaker Lydie Ngo Nogol (30/Aug/2018)
- Article about Security in E-Voting and paper based Voting in Switzerland (German). This appeared in Society Byte (Bern University of Applied Sciences) (29/Aug/2018)
- Blogpost introducing SCS speaker Oliver Spycher (28/Aug/2018)
- Blogpost introducing SCS speaker Jérémy Matos (23/Aug/2018)
- Interview with me on the Application Security Podcast with Chris Romeo und Robert Hurlbutt covering the OWASP ModSecurity Core Rule Set and our plans for the project (7/Aug/2018)
- Blogpost introducing SCS speaker Marie Moe Marie Moe (7/Aug/2018)
- Blogpost introducing SCS speaker Mark Burgess Mark Burgess (2/Aug/2018)
- Blogpost reporting from the CRS community summit in London (12/Jul/2018)
- CRS Project News July 2018 A blogpost for coreruleset.org (7/Jul/2018)
- Announcement of the CRS community summit program (26/Jun/2018)
- Blogpost with news about the CRS community summit (7/Jun/2018)
- Blogpost introducing SCS speaker Grzegorz Milka (28/Jun/2018)
- Blogpost introducing SCS speaker Astha Singhal (26/Jun/2018)
- Blogpost introducing SCS speaker Lilly Ryan (14/Jun/2018)
- Blogpost introducing SCS keynote speaker Cory Doctorow (7/Jun/2018)
- Blogpost about SCS focus theme “Trust” (5/May/2018)
- Article on E-Voting and Phishing on a blog of Swiss Post (25/Apr/2018)
- Contribution to a Responsible Disclosure. A new type of XSS was found and I described how to prevent this with ModSecurity (3/Apr/2018)
- Announcing a CRS community summit (20/Mar/2018)
- Blogpost introducing CRS With the Geneva based Swiss Cybersecurity association (13/Mar/2018)
- O’Reilly article about ModSecurity on NGINX and how to tune false positives for ModSecurity on NGINX (20/Feb/2018)
- Report from the Usenix Enigma conference. An article that appeared in Linux Weekly News (14/Feb/2018)
- Interview with me on CNN Money Switzerland about Cyber Security. (31/Jan/2018).
- Slides for the O’Reilly webcast about ModSecurity on NGINX (15/Jan/2018)
- O’Reilly webcast about ModSecurity and CRS on NGINX. (This demands registration) (8/Jan/2018)
- Article about the Security Industry for the online news site E-Financial-Careers (German) (3/Jan/2018)
2017
- Blogpost about CRS development on the OWASP blog summing of the evolution of the CRS project through the years (20/Dec/2017)
- ictk.ch reporting about CRS winning German OSBAR award. This also covers my contribution to the project (German; note: this is about me, not by me) (7/Dec/2017)
- Blogpost about ftw and how we use it for unit testing with CRS (14/Dec/2017)
- Netzwoche reporting about CRS winning German OSBAR award. This also covers my contribution to the project (German; note: this is about me, not by me) (8/Dec/2017)
- Blogpost about ModSec courses (7/Dec/2017)
- Blogpost about CRS winning German OSBAR award (7/Dec/2017)
- Blogpost about CRS and OWASP Top 10 (21/November/2017)
- Blogpost reporting about the E-Voting focus at the Swiss Cyber Storm conference on the E-Voting blog of Swiss Post (6/Nov/2017)
- Blogpost reporting about the Swiss Cyber Storm conference on the SATW blog (30/Oct/2017)
- Blogpost introducing SCS speakers Antonio Barresi and Matthias Ganz (10/Oct/2017)
- Blogpost introducing SCS speaker Bryan Ford (6/Oct/2017)
- Blogpost covering the nomination of the CRS project for the Swiss DINACon awards (3/Oct/2017)
- Blogpost introducing SCS speakers Harald Reisinger and Aldo Frick (1/Oct/2017)
- Blogpost introducing SCS speaker Jordi Puiggali (26/Sep/2017)
- Blogpost introducing SCS speaker Raphael Reischuk (24/Sep/2017)
- Blogpost introducing SCS speaker Thomas Hofer (18/Sep/2017)
- Blogpost introducing SCS speaker Anthony Vance (14/Sep/2017)
- Blogpost inviting new people to join the CRS project (3/Sep/2017)
- CRS Project News September 2017 (7/Sep/2017)
- Video with a brief spot how to make a push for security in companies (9/Oct/2017) Fabasoft
- Video with a brief spot about security blind spots (9/Oct/2017) Fabasoft
- Blogpost with Core Rule Set project news (15/Aug/2017)
- FIXME FIXME (3/Aug/2017)
- FIXME FIXME (FIXME/XXX/2017) OWASP London
- FIXME FIXME (27/Jul/2017)
- FIXME introducing SCS speaker FIXME (25/Jul/2017)
- FIXME introducing SCS speaker FIXME (18/Jul/2017)
- FIXME introducing SCS speaker FIXME (11/Jul/2017)
- FIXME introducing SCS speaker FIXME (29/Juni/2017)
- FIXME introducing SCS speaker FIXME (6/Jun/2017)
- FIXME introducing SCS speaker FIXME (7/Jun/2017)
- FIXME FIXME (FIXME/XXX/2017) OWASP AppSecEU Belfast
- FIXME FIXME (20/May/2017)
- FIXME introducing SCS speaker FIXME (30/May/2017)
- FIXME introducing SCS speaker FIXME (23/May/2017)
- FIXME introducing SCS speaker FIXME (15/May/2017)
- FIXME introducing SCS speaker FIXME (13/Apr/2017)
- FIXME FIXME (6/Apr/2017)
- FIXME FIXME (24/Februar/2017)
- FIXME FIXME (3/Feb/2017)
- FIXME FIXME (1/Feb/2017)
- FIXME FIXME (31/Feb/2017)
- FIXME FIXME (13/Jan/2017)
2016
- Article in Linux Weekly News about the OWASP ModSecurity Core Rule Set 3.0 (21/Dec/2016)
- Article in Linux Weekly News about ModSecurity (14/Dec/2016)
- FIXME FIXME (12/April/2016)
- FIXME FIXME (26/Apr/2016)
- FIXME FIXME (20/Jun/2016)
- FIXME FIXME (10/Jul/2016)
- FIXME FIXME (26/Jul/2016)
- FIXME FIXME (1/Oct/2016)
- FIXME FIXME (14/Oct/2016)
- FIXME FIXME (22/Nov/2016)
-
FIXME FIXME (29/November/2016)
- German Tutorial showing options for visualisation of logfiles in the shell with the help of gnuplot (12/Feb/2016).
- Blogpost proposing the mechanics of a new OWASP ModSecurity Core Rules Paranoia Mode (04/Feb/2016).
- German Tutorial presenting an efficient workflow for apache configuration in multiple terminals (29/Jan/2016).
- Blogpost covering the over most frequent OWASP ModSecurity Core Rules false positives (17/Jan/2016).
2015 and before
- OWASP ModSecurity Core Rules: Comparing 2.2.x and 3.0.0-dev. A blogpost that compares the next version of the core rules to the former release (19/Dec/2015).
- German Tutorial explaining the various configuration options of an apache reverse proxy (12/Dec/2015).
- Don’t let 981172 and 981173 disappear from the Core Rules! A blogpost lobbying for two individual core rules, bound to be removed from the OWASP ModSecurity Core Rules Set (25/Nov/2015).
- German Tutorial about OWASP ModSecurity Core Rules tuning (17/Nov/2015).
- Cyber Risks Switzerland 2015 conference organised by MELANI in Bern. A blog post reporting about the event. (05/Nov/2015).
- SIGS Talk in Berne, about Practical ModSecuriy Tuning. An “After Work Event” of the Security Interest Group Switzerland with my talk as main topic. (10/Mar/2015).
- Cyber Risks Switzerland 2014 conference organised by MELANI in Bern. A blog post reporting about the event. (22/Nov/2014).
- Malware Workshop focusing on live traffic inspection and adjacent topics. A blog post about a workshop I hosted. (18/Nov/2014).
- Summary of OWASP Talk in Zurich covering core topics and the discussion. A blog post about my presentation. (18/Nov/2014).
- OWASP Talk in Zurich presenting advanced ModSecurity concepts. A standard OWASP Chapter meeting with my talk as main topic. (12/Nov/2014).
- German Report about a Cybersecurity workshop at the Swiss Federal Office for Civil Protection (Bundesamt für Bevölkerungsschutz). The second national Swiss Cyberattack Workshop examining a DDoS attack on national infrastructures (2/Sep/2014).
- Big Data - Eine Einführung. A German introductory speech on Big Data at an evening conference of Swiss Privacy Advocates. (06/May/2014).
- German Tutorial with a step by step guide to integrate the OWASP ModSecurity Core Rules (13/Aug/2013).
- German Tutorial explaining the integration of ModSecurity into the Apache webserver configuration (03/Jul/2013).
- 1 + 2 Backup Procedure is a simple backup method that works for people without technical background (11/Jun/2013).
- German Report about a Cybersecurity workshop at the Swiss Federal Office for Civil Protection (Bundesamt für Bevölkerungsschutz). The first national Swiss Cyberattack Workshop examining a DDoS attack on national infrastructures (14/Oct/2012).
- German Tutorial explaining how to extend the Apache access log in a useful way. A German step by step guide (5/Feb/2012).
- Video about practical defense against application layer DDoS attacks: “Sniping Slowloris and Friends”. The video was taken at Swiss Hashdays Conference October 2011 (27/Jan/2012).
- Video about defense concepts against application layer DDoS: “Hunting Slowloris and Friends”. The video was taken at Swiss Cyberstorm Conference May 2011 (23/Juni/2011).
- German Tutorial about simple and effective ssl/tls configuration on apache. A German step by step guide (21/Jan/2012).
- Flying-Frog Script. A ruby network monitoring script that is able to detect slowloris / request delaying attacks (15/Oct/2011).
- German Tutorial about the setup of a php application server in an external fast-cgi-daemon. A German step by step guide (11/Oct/2010).
- German Tutorial about minimalistic Apache configuration without sacrificing security. A German step by step guide (6/Nov/2010).
- German Tutorial on apache compilation. A German step by step guide (21/Oct/2010).
- Sein Kampf für das Teilen. A German article in the Bernese magazine Unilink about a visit of Richard Stallman (April/2010).
- Linux Weekly News Article on Slowloris. This is an article explaining slowloris type / request delaying DoS attacks on the application layer (24/Juni/2009).
- OWASP Europe Training Files about ModSecurity. A one day training I gave at OWASP Europe in Kraków (May/2009).
- Presentation at OWASP Europe about REMO, a positive Rule Editor for ModSecurity. A graphical user interface and rules generator with a whitelisting / positive approach. (May/2008).
- REMO - The Rule Editor for ModSecurity. A graphical user interface and rules generator with a whitelisting / positive approach. (2007/2008).
- How2Forge Article - Introducing REMO - An Easy Way to Secure an Insecure Online Application with ModSecurity. (6/Jun/2007).
- Tutorial about graphical visualisation of logfiles with graphviz. A very simple introduction (Jun/2006).
- Article on database design in historical research. History and Computing Volume 12 (2000).
History
- German opinion piece about producing your reenactment equipment yourself. Miroque Edition 6 : I/2013 (15/Apr/2013).
- The Ursula Shrine Linnen Armour (Padded Jack Series I) is a blogpost about the recreation of a historical piece of textile armour. On the Company of St. George website (Apr/2013).
- German interview with me about the Company of St. George. Karfunkel Combat 9 (12/Mar/2013).
- Video of a book presentation I participated in Nishny Novorod, Russia.
The book presented is the first Russian book on the medieval history of Switzerland (23/Sep/2012). - News program on Swiss TV interviewing me briefly. With the Company of St. George (19/Jul/2012).
- Blogpost about a juridical trial in a historical reenactment setting. On the Company of St. George website (Jul/2012).
- Blogpost about the upcoming reenactment event in Lenzburg, Switzerland. On the Company of St. George website (30/May/2012).
- Johannes Kummer (+1444). An article in the Historical Dictionary of Switzerland about an Abbot of Engelberg (6/Nov/2011).
- Blogpost about the way how religion can be reenacted. On the Company of St. George website (5/Jul/2011).
- Blogpost on crucial questions for reenactors. On the Company of St. George website (6/Jun/2011).
- Blogpost and video about the military in Medieval Chillon. On the Company of St. George website (23/May/2011).
- Blogpost and video about the daily life in Medieval Chillon. On the Company of St. George website (2/May/2011).
- Rohrmoos, von. An article in the Historical Dictionary of Switzerland about a noble family (23/Nov/2010).
- Blogpost on the idea of taking the visitor by the hand. On the Company of St. George website (15/Nov/2010).
- Ried, von. An article in the Historical Dictionary of Switzerland about a noble family (20/Oct/2010).
- Blogpost about castles, queens and bombards. On the Company of St. George website (27/Sep/2010).
- Schlacht bei Murten (1476). An article in the Historical Dictionary of Switzerland about the Battle Of Morat (2/Sep/2010).
- Blogpost about the medieval goat game. On the Company of St. George website (30/August/2010).
- Blogpost about interesting books for reenactors. On the Company of St. George website (9/August/2010).
- Blogpost about a leather sheath to protect a set of carving knives. On the Company of St. George website (2/August/2010).
- Blogpost about a new set of carving knives. On the Company of St. George website (28/Jun/2010).
- Blogpost about medieval dishes like “Tripe disguised as omelette balls”. On the Company of St. George website (21/Jun/2010).
- Blogpost about the upcoming reenactment event in Nykøbing, Denmark. On the Company of St. George website (31/May/2010).
- Rüediswil, von. An article in the Historical Dictionary of Switzerland about a noble family (19/May/2010).
- Blogpost on the creation of a whitelist of medieval foods. On the Company of St. George website (15/May/2010).
- Langspiess. An article in the Historical Dictionary of Switzerland about the soldier’s pike (3/Mar/2010).
- Johann von Eych (+1464). An article in the Historical Dictionary of Switzerland about a Bishop of Eichstätt (21/Sep/2009).
- Rudolf von Liebegg (+1332). An article in the Historical Dictionary of Switzerland about a scholar and writer (27/Nov/2008).
- Johannes Kreutzer (+1468). An article in the Historical Dictionary of Switzerland about a Dominican doctor in Theology and prior (4/Nov/2008).
- Konrad von Mure (+1281). An article in the Historical Dictionary of Switzerland about a Canon Regular and Writer (28/Oct/2008).
- Konrad Menger (+1501). An article in the Historical Dictionary of Switzerland about a Humanist and supposedly an Italian spy (24/Oct/2008).
- Josset (14th century). An article in the Historical Dictionary of Switzerland about a doctor (14/Feb/2008).
- Johannes von Lare (+1481). An article in the Historical Dictionary of Switzerland about a Franciscan guardian (14/Feb/2008).
- Libri confraternitatum / Libri memoriales. An article in the Historical Dictionary of Switzerland about memorial books (22/Jan/2008).
- Liebegg, von. An article in the Historical Dictionary of Switzerland about a noble family (21/Jan/2008).
- Johannes von Winterthur (+ ~1348). An article in the Historical Dictionary of Switzerland about a priest and writer (20/Jan/2008).
- Laupenkrieg (1338/39). An article in the Historical Dictionary of Switzerland about the Battle of Laupen (4/Dec/2007).
- Heinrich von Klingenberg (+1306). An article in the Historical Dictionary of Switzerland about a remarkable bishop of Constance (20/Aug/2007).
- Leonhard Mair (+ ~1455). An article in the Historical Dictionary of Switzerland about a Franciscan guardian (6/Aug/2007).
- Morgenstern. An article in the Historical Dictionary of Switzerland about the morning star (24/July/2007).
- Gutleben (+1406). An article in the Historical Dictionary of Switzerland about a Swiss doctor (13/Mar/2007).
- Katharinental und Töss. Zwei mystische Zentren in sozialgeschichtlicher Pespektive. The publication of my thesis (May/2007).
- Johannes I. An article in the Historical Dictionary of Switzerland about a bishop of Constance (12/Feb/2007).
- Ludwig Jäger. An article in the Historical Dictionary of Switzerland about a professor in Theology and Abbot (8/Feb/2007).
- Johannes Keck (+1450). An article in the Historical Dictionary of Switzerland about a doctor in Theology (5/Oct/2006).
- Johannes II (+782). An article in the Historical Dictionary of Switzerland about a bishop of Constance (7/Sep/2006).
- Hartmut (9th century). An article in the Historical Dictionary of Switzerland about an abbot of St. Gall (8/Aug/2006).
- Albrecht von Hohenberg (+1359). An article in the Historical Dictionary of Switzerland about a Bishop of Freising (21/Jul/2005).
- Magazine Article. A German event review of a reenactment gathering in Daaden, Germany, in Karfunkel Magazine (5/August/2002).
- German Article on historical research with databases. This article also appeared in English. See above (2000).
- German Article on Katharinental and Töss. A scholarly article in the German book “Lesen, Schreiben, Sticken und Erinnern” (2000).
Publications about me
- Article about the open source projects I am running in Inside-IT (German) (3/April/2024)
- Interview about Supply Chain Security in Swiss IT magazine Netzwoche (German) (6/Dec/2023)
- Portrait of mine covering everything I do from medieval history to E-Voting (German) (22/June/2023)
- Article in Swiss Newspaper NZZ quoting me extensively on the relationship between open source developers and commercial integrators (21/December/2021)
- Interview with me about new procedures in CRS to avoid vulnerabilities in the rule set in “The Daily Swig”(5/November/2021)
- Interview with me in Security Expert Series of the Swiss Cyber Forum (9/June/2021)
- Interview with me in the InfoSec and OSINT podcast of Josh Amishav-Zlatin (5/March/2021)
- Interview in Swiss magazine Netzwoche about E-Voting in Switzerland. (22/October/2020)
- Interview with me on Legal Safe Harbors for bug bounty programs in Switzerland; integrated into article on the subject (7/October/2020)
- Interview in the Cyber Security Dispatch podcast touching on my career, E-Voting, OWASP and WAFs (3/January/2019)
- Interview with me on the AppSec podcast covering the OWASP ModSecurity Core Rule Set and our plans for the project (7/Aug/2018)
- Interview with me on CNN Money Switzerland about Cyber Security. (31/Jan/2018).
- News program on Swiss TV interviewing me briefly. With the Company of St. George (19/Jul/2012).
- German portrait of my activities in reenactment. Der Bund (14/Aug/2003).
- French portrait of my activities in reenactment. La Liberté (27/Jul/1998).