Installling ModSecurity
ModSecurity is a really powerful beast. It can do anything you want, at least when what you want ...
Read MoreModSecurity is a really powerful beast. It can do anything you want, at least when what you want ...
Read MoreAs some of you may know, I am heading up the WASC Distributed Open Proxy Honeypot Project. The ...
Read MoreI am very excited to announce that I will be instructing a live 2-day ModSecurity Training class at ...
Read MoreModSecurity 2.1.3 is the latest stable release of ModSecurity. The 2.1.3 release contains some ...
Read MoreNIST has released a new guide on securing Web Services. It is a pretty good read for anyone who is ...
Read MoreVirtual Patching is a policy for a web application firewall (in this case ModSecurity) that is able ...
Read MoreToday I released ModSecurity 2.1.2. This is the latest stable release of ModSecurity. The 2.1.2 ...
Read MoreIn many ways vulnerability remediation is like a Track and Field race and the firing of the ...
Read MoreMichael Renzmann wrote to the ModSecurity mailing list recently announcing project ScallyWhack. ...
Read MoreLast week I released the second ModSecurity development release, 2.5.0-dev2, in preparation for the ...
Read MoreA very interesting research paper titled "Apache Prefork MPM Vulnerabilities" was released a few ...
Read MoreAs many of you have noticed, the Core Rule Set contains very complex regular expressions. For ...
Read MoreIn a previous Blog entry, I outlined a number of steps that you could take to increase performance ...
Read MoreOn June 12th, 2007, the CA/Browser Forum (a group that consists of leading certificate authorities ...
Read MoreThe Universal PDF XSS vulnerability was a tipping point for most people involved with web ...
Read MoreYou have probably heard it by now, but US-CERT released a Vulnerability Note last week entitled ...
Read MoreHello all. As this is my first official blog entry, let me first start off with a short ...
Read MoreHelp, my ModSecurity Community Console is not responding!" Perhaps you have seen this type of email ...
Read MoreFor all of you who are using ModSecurity 1.x and looking for information on migrating to Mod 2.x, ...
Read MoreOn April 11th I'm going to present a webinar on web application security, with a twist. The Webinar ...
Read MoreSince ModSecurity is based on regular expressions. Writing rules requires developing and testing ...
Read MoreThere are certain scenarios where you might want to create white-listed ModSecurity rulesets which ...
Read MoreIf you have more then 1 ModSecurity installation, you have undoubtedly run into issues with ...
Read MoreIt has been brought to our attention that a fault in the ModSecurity parsing code has been ...
Read MoreI enjoyed talked about ModSecurity (and web application firewalls) in front of the London OWASP ...
Read MoreIt is inevitable; you will run into some False Positive hits when using web application firewalls. ...
Read MoreIn my previous post I described a potential problem with web application firewalls protecting web ...
Read MoreSANS released their 6th edition of the @RISK Weekly News Letter. In it, there were a total of 44 ...
Read More