Showing 46 results for: 2008 ×ModSecurity ×

ModSecurity Is Blooming

OWASP AppSec Europe 2008 in Ghent, which I wrote about in a previous post, indeed felt like a ModSecurity user meeting. We kicked-off the conference with 2 days of ModSecurity training, with 8 people attending. Eight is not only the...

ModSecurity Training at Blackhat USA

We are excited to announce that Breach Security will be running the 2-day ModSecurity Bootcamp class at this year's Blackhat conference in Las Vegas, NV! We are currently scheduled for 1 session on August 2nd - 3rd, however if there...

What's the Score of the Game?

We, as the webappsec community, should try and move away from "Holy Wars" debating that there is only one right way to address web application vulnerabilities - source code reviews, vulnerability scanning or web application firewalls - and instead focus...

ModSecurity 2.5 Phrase Match Operator Performance

Quite a few people have asked about the performance differences between using the regular expression (@rx) operator and using the phrase match (@pm or @pmFromFile) operator. Lately, I have been working on better methods of gathering performance statistics and want...

ModSecurity 2.6 RoadMap

ModSecurity 2.6 will likely be the last branch before ModSecurity 3. The 2.6 branch will concentrate on polishing up the current 2.5 feature set, performance, ease of use, supporting arbitrary character sets, and better documentation. I'll be posting 2.6 development...

ModSecurity Party in Ghent on May 20th

In my previous post, in which I was commenting on the OWASP AppSec agenda, I forgot to mention the party. What was I thinking?! Breach Security is throwing a cocktail party on May 20th, which is the last training day...

ModSecurity Training at OWASP AppSec Europe

We are excited to announce that a ModSecurity 2-day training class has been added to the upcoming OWASP AppSec Europe Conference set for May 19-20 in Belgium. We are extremely excited that OWASP has added this class to their training...

ModSecurity Community Console v1.0.3 Now Available

I've just released an update to ModSecurity Community Console, our free audit log aggregation solution with support for up to 3 ModSecurity sensors. The focus of this release is the support for part K of the ModSecurity audit log format...

ApacheCon Europe: Web Intrusion Detection with ModSecurity

I've had a pleasure of participating in ApacheCon Europe in Amsterdam this week. Paradoxically, although I've been involved with the Apache web server for years, this was my first ApacheCon conference ever. Meeting the people I've been exchanging emails with...

Web Application Monitoring Data Model

A data model is the foundation of web application monitoring and, thus, key to successful utilisation of web application firewalls. We don't get to design the model; we can only deduct it from the information provided to us from the...

Web Application Firewall Concepts

I went through all my ModSecurity Blog posts yesterday, partly to admire myself for blogging consistently for almost 5 years and partly to understand what is that I talked about during this time. While I knew that most of my...

Web Application Firewall Use Cases

There are many reasons to use a web application firewall. Most people tend to focus on prevention and blocking when the term is brought up, but that is just one of the possible uses. Three years ago, almost to the...

ModSecurity User Survey

With the release of ModSecurity 2.5 yesterday, this seemed like the perfect time to get feedback from the user community. The 2.5 release is important as it has included many features that were identified by the user community, so this...

ModSecurity 2.5 Released

The final version of ModSecurity 2.5.0, the long awaited next stable version of ModSecurity, is now available. This release offers quite a few new features: set-based matching, a wider variety of string matching operators, transformation caching, support for writing rules...

Tangible ROI of a Web Application Firewall (WAF)

One of the challenges facing organizations that need to increase the security of their web applications is to concretely provide appropriate "Return On Investment" (ROI) for procurement justification. Organizations can only allocate a finite amount of budget towards security efforts...

ModSecurity 2.5 Status

The ModSecurity 2.5 release is scheduled for early/mid February. With the ModSecurity 2.5 release just around the bend, I have been spending my time doing a lot of testing, tweaking and polishing. I would like ModSecurity 2.5 and the core...