Showing 14 results for: 2004 ×ModSecurity ×

mod_security and the PHPBB worm (Santy.A)

I have been asked to design a mod_security rule to protect sites from the recent PHPBB worm. Now, I don't have access to PHPBB (vulnerable or not) but looking at the worm log entries I have found online it should...

Portable web firewall rule format

For some time now I've been working on a portable web firewall rule format as part of the OASIS WAS technical committee. It's been going on for much longer than I anticipated, mainly because there is so much *other* work...

WASC releases Threat Classification

They've been very quiet for a number of months and now you know what they have been doing - working on the Threat Classification document. The goal of the document is to establish a common web security vocabulary in order...

AVDL becomes a standard

Application Vulnerability Description Language (AVDL) has been approved as an OASIS standard last week (see email from Karl F. Best). AVDL is an XML-based protocol for transfer of vulnerability information from scanner tools to protection (or security management) systems. Having...

Network Security Hack #93: mod_security

O'Reilly have a new book out: Network Security Hacks. It is a really good book (I read it on Safari myself). There are one hundred tips in there, each describing one important point related to security. Not that it affects...

ModSecurity audit log to MySQL parser

Dhillon A. K. has written a new article about mod_security. The article is essentially a brief introduction to the module. More importantly, however, there is a piece of code attached to the article (in PHP) that parses the mod_security audit...

Chroot support significantly improved in v1.8

Last night I updated the code that provides the internal chroot functionality in mod_security. I am glad to announce version 1.8 will be much more reliable. The tricky part when doing chroot from within a module is that you don't...

Web Application Security Consortium Announced

A new organisation has just been announced: the Web Application Security Consortium. The consortium, formed by leading web security companies (Application Security, KaVaDo, Sanctum, SPI Dynamics, Inc. and WhiteHat Security) aims to establish web application security standards, and the terminology...

Paper on passive information gathering

TechicalInfo.Net is an excellent resource for Web Security information. Gunter Ollmann has provided a set of great papers, observations, and links to information gathering tools available on the Internet. The latest addition to this collection is a Passive Information Gathering...

AVDL Committee Draft is out

This morning I got news of AVDL becoming a Committee Draft; you can get it here. AVDL (Application Vulnerability Desciription Language) wants to establish a standard communication protocol between entities with different roles, involved in application vulnerability discovery, management, and...

JIRA license for ModSecurity

I am very happy to announce that I've been granted a free JIRA license to use with ModSecurity! I am grateful to SourceForge for their facilities but, face it, the quality is not that good. Also, since recently I am...

Free Apache hardening utility

Syhunt, a security tool company from Brazil, have released a free Apache configuration hardening utility. The utility feeds on Apache or PHP configuration files, and gives warnings and suggestions how to make the configuration more secure. I especially like the...

New Apache module: mod_log_forensic

A new module has been added to the Apache CVS repository: mod_log_forensic. It is a standard module available for both branches (all three actually but who counts :). It will probably be officially released as part of the Apache 1.3.30...

End of year post!

I thought a post to mark the end of the year would be in order. It has been a very good year for ModSecurity - it's gone from just an idea to a stable and useful product. The toughest part...