Showing 7 results for: July 2008, ModSecurity

ModSecurity In Solaris

Although Solaris has been supported as a platform for ModSecurity since the very beginning, it has now become part of Sun's Cool Stack: Cool Stack is a collection of some of the most commonly used open source applications optimized for...

Three ModSecurity Rule Language Annoyances

There are three aspects of the ModSecurity Rule Language we are not very happy with. One comes from a wrong design decision (my own), with a further two from the constraints of working within the framework of Apache. All three break the...

Enough With Default Allow Revision 2

A revised version (but still a draft) of the Enough With Default Allow in Web Applications! paper is now available for download. (My previous post on this topic is here.) The major changes in this version include: Decided to use...

Enough with Default Allow in Web Applications!

The title of this blog post is also the title of a research paper we are currently working on. Although the paper is still in draft form, we've decided to circulate it widely (download here) because we believe a public...

Web Application Firewall Use Cases Update

My list of web application firewall use cases continues to evolve. I've decided to shuffle things somewhat: I am going to remove the "Network building blocks" use case because that is really a feature of reverse proxies. If a WAF...

XSS Defense HOWTO

We all agree that cross-site scripting is a serious problem, but what continues to amaze me is the lack of good documentation on the subject. It is easy to find instructions on how to execute attacks against applications vulnerable to XSS,...

ModSecurity In HP-UX Internet Express

We receive questions about ModSecurity running on HP-UX from time to time, but since we don't have access to the platform there is very little we can do to help. Fortunately, most questions fall into the "Does it run?" category....