Enough With Default Allow Revision 2
A revised version (but still a draft) of the Enough With Default Allow in Web Applications! paper ...
There are three aspects of the ModSecurity Rule Language we are not very happy with. One comes from ...
The title of this blog post is also the title of a research paper we are currently working on. ...
We all agree that cross-site scripting is a serious problem, but what continues to amaze me is the ...
We receive questions about ModSecurity running on HP-UX from time to time, but since we don't have ...
As you may know, ModSecurity is licensed under GPL version 2. This license has served us reasonably ...
In case you missed it, Breach Security has teamed up with WhiteHat Security so that their Sentinel ...
OWASP AppSec Europe 2008 in Ghent, which I wrote about in a previous post, indeed felt like a ...
In my earlier post entitled "What's the Score of the Game?" I presented the concept that what ...
We are excited to announce that Breach Security will be running the 2-day ModSecurity Bootcamp ...
We, as the webappsec community, should try and move away from "Holy Wars" debating that there is ...
ModSecurity 2.6 will likely be the last branch before ModSecurity 3. The 2.6 branch will ...
Quite a few people have asked about the performance differences between using the regular ...
In my previous post, in which I was commenting on the OWASP AppSec agenda, I forgot to mention the ...
I've just released an update to ModSecurity Community Console, our free audit log aggregation ...
We are excited to announce that a ModSecurity 2-day training class has been added to the upcoming ...
I've had the pleasure of participating in ApacheCon Europe in Amsterdam this week. Paradoxically, ...
I went through all my ModSecurity Blog posts yesterday, partly to admire myself for blogging ...
With the release of ModSecurity 2.5 yesterday, this seemed like the perfect time to get feedback ...
The final version of ModSecurity 2.5.0, the long awaited next stable version of ModSecurity, is now ...
Breach Labs which sponsors WHID has issued an analysis of the Web Hacking landscape in 2007 based ...
The ModSecurity 2.5 release is scheduled for early/mid February. With the ModSecurity 2.5 release ...
ModSecurity 2.5 introduces a really cool, yet somewhat obscure feature called Content Injection. ...
Some time ago I decided to start a new blog, a place where I would be able to address the topics ...
I have just added a new section to the ModSecurity v2.5 Reference Manual, describing the data ...
I will be speaking about ModSecurity at ApacheCon Europe in Amsterdam later this year. I hear ...
Here is a snippet from the just released SANS NewsBites letter:
Large Wordlist Example You will find the greatest benefit of using the set based matching operators ...