Showing 7 results for: June 2007

Another ModSecurity Development Release

Last week I released the second ModSecurity development release, 2.5.0-dev2, in preparation for the next version of ModSecurity. Some may notice that this version is now 2.5.x, whereas the first development release was 2.2.x. Ivan and I decided that...

Optimizing Regular Expressions

As many of you have noticed, the Core Rule Set contains very complex regular expressions. For example: (?:\b(?:(?:s(?:elect\b(?:.{1,100}?\b(?:(?:length|count|top)\b.{1,100}?\bfrom|from\b.{1,100}?\bwhere)|.*?\b(?:d(?:ump\b.*\bfrom|ata_type)|(?:to_(?:numbe|cha)|inst)r))|p_(?:(?:addextendedpro|sqlexe)c|... These regular expressions are assembled from a list of simpler regular expressions for efficiency reasons. A single optimized regular expression...

Apache Process Infection

A very interesting research paper titled "Apache Prefork MPM Vulnerabilities" was released a few days ago, as you can see in the corresponding Bugtraq post. The paper describes, in detail, the dangers of allowing third-parties to run code under the...

Managing ModSecurity Alerts: More Console Tuning

In a previous Blog entry, I outlined a number of steps that you could take to increase performance of the ModSecurity open source Console. While these tuning steps will certainly help to increase performance, there is still one big issue...

Universal PDF XSS Revisited

The Universal PDF XSS vulnerability was a tipping point for most people involved with web application security. Now we know the Web will never be secure for as long as we continue to use the exact same technologies we have in...