ModSecurity Award Nominations and the Challenges of Open Source

In the hustle and bustle of everyday work life we tend to look at the current issues we’re working to resolve, the next feature we want to develop, the next version release. We rarely take the time to look back and think about the work we’ve already done. On some rare occasions, however, something external makes you look back at them and it’s an opportunity to stop and appreciate what you’ve accomplished.

Recently, one of our own, Felipe Costa, was one of five people nominated by Microsoft at their Microsoft Security 20/20 Awards for “Top GitHub Contributor”.

First and foremost, we’d like to congratulate Felipe and the four other nominees for their accomplishment. Given how sizable and active GitHub’s user base is, being nominated for top contributor is a feat in and of itself!

Second, we’d like to highlight some of the work that put Felipe on that list:

As you may or may not know, Trustwave is the custodian of ModSecurity, an open source WAF engine and, as the Lead Developer of ModSecurity, much of Felipe’s contribution has been either to the ModSecurity project directly, or to other related projects.

To add some words of congratulation from Ziv Mador, our VP of SpiderLabs Research:

“Over the years, ModSecurity has helped secure many web servers around the world, and behind ModSecurity there is a strong and dedicated team, which Felipe Costa is a central part of. Felipe has proven professionalism, deep expertise and dedication ever since he started leading the development of this technology. We congratulate Felipe for being selected as one of the top five contributors in GitHub. We also appreciate the strong community that supports ModSecurity. It is due to this community and strong players such as Felipe that made ModSecurity so successful.”

[Image: Felipe at the Microsoft Security 20/20 Awards]

Working on an open source project is an entirely different experience to that of most developers out there working on “black box” products. Contributing to an open source project doesn’t just mean pushing in new code and fixing bugs; it also means interacting with a community, having discussions about features, understanding how people use your project, and reviewing others’ contributions. It then means making sure that the ideas, thoughts, requests and complaints of thousands of people somehow fit together to make one engine that serves the needs of, and is usable by, as many people as possible. You might imagine the project as a caravan moving along a path, with people joining to ride along. Sometimes they stay, sometimes they part ways later on, occasionally they throw some items into one of the carts, and with all these things happening around you, you’re trying to keep the caravan going down a clear path at a reasonably steady pace toward a place where everyone will be happy to arrive. If it sounds tricky to navigate, that’s because sometimes it is, but on the upside, you get to interact and collaborate with many different people, and that can help take the project in new directions or just move it along faster.

Given Felipe’s years of experience working on the ModSecurity project, we asked him to share his thoughts on the challenges of working on an open source project:

If I had to summarize working for the ModSecurity project with one word I would say: funny! ModSecurity is meant to be the Swiss Army knife of WAFs. That statement helps ModSecurity to be adopted from minimalist routers to high-end production servers. Sometimes, drawing an ideal picture of a road map is very challenging as different stakeholders put different requirements, especially for ModSecurity v3, which is widely adopted within Trustwave and our clients. Keeping up with the expectations of different users is a very challenging task.

Maybe one of the most challenging tasks here is not on what to have, but rather what not to have. I always remember that I cannot be Herb Powell from the Powell Motors building “The Car Built for Homer”. Not that the users are Homer, but they all have different perspectives and different use cases for ModSecurity and sometimes what’s good for one user is bad for another; it’s on us to make sure we keep all of our users in mind.

[Image: "The Car Built for Homer"]

On Making Changes:

Since the day I started as Lead developer for ModSecurity, a lot has changed. Automation on the QA process was established, as well as migration to an industry-standard platform to support the development and community such as GitHub. There is also the birth of the ModSecurity v3. In the beginning, it was a Proof-Of-Concept that turned out to be further adopted by the company as the benefit of its further development was clear.

As with every huge change, there was a buzz, there were people that loved it and people who hated it. That strong feeling was indeed a good response. Regardless if it is love or hate, people caring tells you that you really made some major design changes, which was one of the goals with v3: Make some major changes that will put us on the path to a goal everyone would be on board with: A better ModSecurity for the community.

 

On Fuel and Fire:

The indication that we are on the right path came not only as direct feedback from our users but also when we participated in some of the most important security conferences: 3 times at BlackHat, Nginx conference and hopefully more to come. Not to mention the individual awards such as the ngixexpert, and now the nomination for Microsoft Security 20/20 as one of the biggest contributors on GitHub (security). The affection of the users and such praises are the fuel that makes me work happy every day.

But none of those praises are really mine alone. They belong to an entire community that works hard to have a better ModSecurity!! It goes to Trustwave, which continues to support the project all these years. To nginx, who are very active participants in the project, and all the other micro-communities which are under the ModSecurity umbrella! Thank you all! And thank you Microsoft for the award nomination!
