ModProfiler: Leading ModSecurity Towards Positive Security

Several years ago, a few more than I'd like to admit, I realised our chances for writing completely ...


ModSecurity Issue Tracker Now Available

I am happy to announce that we've just launched a public issue tracking facility for ModSecurity. ...


Microsoft and Oracle Helping 'Time-to-Fix' Problems

Before I talk to the title of this post, I have to provide a little back story. I have had an ...


ModSecurity 2.5.6 and Mlogc

The ModSecurity Log Collector (mlogc) is used to send ModSecurity audit log data to a console or ...


Transformation Caching Unstable, Fixed, But Deprecated

We have just released ModSecurity 2.5.6 to address several issues with transformation caching: the ...


ModSecurity In Solaris

Although Solaris has been supported as a platform for ModSecurity since the very beginning, it has ...


Enough With Default Allow Revision 2

A revised version (but still a draft) of the Enough With Default Allow in Web Applications! paper ...


Three ModSecurity Rule Language Annoyances

There are three aspects of the ModSecurity Rule Language we are not very happy with. One comes from ...


Enough with Default Allow in Web Applications!

The title of this blog post is also the title of a research paper we are currently working on. ...


XSS Defense HOWTO

We all agree that cross-site scripting is a serious problem, but what continues to amaze me is the ...


ModSecurity In HP-UX Internet Express

We receive questions about ModSecurity running on HP-UX from time to time, but since we don't have ...


ModSecurity Licensing Exception Draft Is Ready

As you may know, ModSecurity is licensed under GPL version 2. This license has served us reasonably ...


Integrating Vulnerability Scanners and Web Application Firewalls

In case you missed it, Breach Security has teamed up with WhiteHat Security so that their Sentinel ...


ModSecurity Is Blooming

OWASP AppSec Europe 2008 in Ghent, which I wrote about in a previous post, indeed felt like a ...


What's the Score of the Game - Part 2: Web Security Metrics

In my earlier post entitled "What's the Score of the Game?" I presented the concept that what ...


ModSecurity Training at Blackhat USA

We are excited to announce that Breach Security will be running the 2-day ModSecurity Bootcamp ...


What's the Score of the Game?

We, as the webappsec community, should try and move away from "Holy Wars" debating that there is ...


ModSecurity 2.6 RoadMap

ModSecurity 2.6 will likely be the last branch before ModSecurity 3. The 2.6 branch will ...


ModSecurity 2.5 Phrase Match Operator Performance

Quite a few people have asked about the performance differences between using the regular ...


ModSecurity Party in Ghent on May 20th

In my previous post, in which I was commenting on the OWASP AppSec agenda, I forgot to mention the ...


ModSecurity Community Console v1.0.3 Now Available

I've just released an update to ModSecurity Community Console, our free audit log aggregation ...


ModSecurity Training at OWASP AppSec Europe

We are excited to announce that a ModSecurity 2-day training class has been added to the upcoming ...


ApacheCon Europe: Web Intrusion Detection with ModSecurity

I've had the pleasure of participating in ApacheCon Europe in Amsterdam this week. Paradoxically, ...


Web Application Firewall Concepts

I went through all my ModSecurity Blog posts yesterday, partly to admire myself for blogging ...


ModSecurity User Survey

With the release of ModSecurity 2.5 yesterday, this seemed like the perfect time to get feedback ...


ModSecurity 2.5 Released

The final version of ModSecurity 2.5.0, the long awaited next stable version of ModSecurity, is now ...


Web Hacking Incidents Database Annual Report for 2007

Breach Labs, which sponsors WHID, has issued an analysis of the Web Hacking landscape in 2007 based ...


ModSecurity 2.5 Status

The ModSecurity 2.5 release is scheduled for early/mid February. With the ModSecurity 2.5 release ...
