Improvements to the Servlet specification
A while ago Greg Murray (the Servlet specification lead) asked for ideas for Servlet improvements. ...
Read MoreWeb Security Improvement Ideas
I have been keeping a list of web security improvement ideas for some time now. It's a list that ...
Read MorePHP chapter from Apache Security available for download
I have made the PHP chapter from Apache Security available for free download. When we made the ...
Read MoreMore on impedance mismatch
Recently there has been increased interest in the impedance mismatch problem, which occurs between ...
Read MoreThe future of web application firewalls
It always pays off to visit Richard Bejtlich's blog once in a while. (Or, even better, subscribe to ...
Read MoreExternal Web Application Protection: Impedance Mismatch
Web application firewalls have a difficult job trying to make sense of data that passes by, without ...
Read MoreMod_security 1.8.7RC2 available
Second release candidate for mod_security 1.8.7 is available for download. I performed a detailed ...
Read MoreModSecurity for Java Milestone 3 now available
I have just released an updated version of ModSecurity for Java. This version implements the core ...
Read MoreModSecurity audit log to MySQL parser
Dhillon A. K. has written a new article about mod_security. The article is essentially a brief ...
Read MoreConverted Snort rules to mod_security rules
I wrote a simple Perl script to convert Snort rules to mod_security rules and published the ...
Read MoreEnhanced rules now available
The last change before the 1.7 release is now in the CVS. I have refactored the code dealing with ...
Read MoreMasking your web server
There is a new feature available in the CVS, and it allows you to mask your web server and instruct ...
Read MoreAdded Unicode encoding validation
I've just committed the Unicode validation feature to the CVS. It is a very good thing to have if ...
Read MoreURL decoding bug fixed
I just fixed a small bug in the URL decoding routine. Apparently, I forgot to add code to convert ...
Read MorePorting mod_security to Windows
With module functioning well on Unix-based platforms I decided to start with the Windows port. The ...
Read More