HTTPrint vs. ModSecurity
There was a great email posted to the ModSecurity user mail-list today that asked about ...
Read More
PHP Peculiarities for ModSecurity Users
As I was reviewing the ModSecurity 2.1.0-rc7 Reference Manual I realised it did not contain some ...
Read MoreModSecurity 2.1.0 Improvements
I have just packaged and released ModSecurity for Apache v2.1.0-rc7, in preparation for the first ...
Read MoreSANS @Risk Web Vulnerabilities List Mitigation Steps
This is a listing of Web Application Vulnerabilities that were released by SANS in their @RISK ...
Read MoreTop 10 Web Hacks of 2006
Jeremiah Grossman gives an excellent overview of the top Web hacks of 2006. If you haven't been ...
Read MoreKey Advantages of the Core Rule Set
Following a question on the core rule set on the ModSecuirty mailing list, I would like to list ...
Read MoreUsing ModSecurity 2 Collections in Rules
A recent posting on the ModSecurity mailing list by K.C. Li is a very good excuse to discuss some ...
Read MoreModSecurity v2.0 Webcast
In response to many of the common questions and issues posted to the mail-list, we at Breach ...
Read MoreTalking About ModSecurity 2.0 With Federico Biancuzzi for SecurityFocus
A while ago Federico Biancuzzi contacted me to ask if I'd be interested to give an interview for ...
Read MoreModSecurity Cookie and Link Protection Patch
A significant event occurred on the mod-security-users mailing list in July: a large code ...
Read MoreModSecurity Performance Tip
I was asked recently to investigate performance of an ModSecurity installation in order to see if ...
Read MoreApache Reverse Proxy Memory Consumption Observations
Last week I spent some time stress-testing Apache 2.2.3 configured to work as a reverse proxy. I ...
Read MoreModSecurity 1.9.x Performance Testing
You can tell that I am too busy when I take almost three months to blog about something interesting ...
Read MoreForrester Research Q2 2006 Web Application Firewall Evaluation
Back in March 2006 I was approached by Forrester Research and invited to participate in their Q2 ...
Read MoreYahoo Small Business offers 'ModSecurity-like' functionality
I just came across this and can't help but make a note about it: A web hosting package offered by ...
Read MoreModSecurity 2: Variables, Collections and Transaction Scoring
Variables and collections are concepts new to ModSecurity 2. ModSecurity 1.x does allow you to use ...
Read MoreModSecurity Console Now Available
I love the command line, I do. But there are some tasks where this type of user interface is simply ...
Read MoreModSecurity 2: Explicit Normalisation Options
One of the things I realy dislike in ModSecurity 1.x is that its anti-evasion features are ...
Read MoreSecure Browsing Mode Proposal
It's very well known (and even widely accepted) that our current web application deployment model ...
Read MoreJailing Apache On Windows
Yury Zaytsev wrote to me recently to tell me about his experiences in jailing Apache on Windows. ...
Read MoreEmbeddable Web Application Firewalls and Impedance Mismatch
Some of you may remember I wrote about impedance mismatch that occurs between security layers. Ryan ...
Read MoreModSecurity for Apache 2.0.0-beta-3 now available!
I have been awfully quiet recently, having made my last post to this blog in late March. I have a ...
Read MoreApache suEXEC chroot patch
I was recently involved with a project where we needed to configure an Apache server that was ...
Read MoreFirst development release of ModSecurity 2.x
It's that time of year again, when I get to work on new features (instead of supporting the old ...
Read MoreSmall but important improvements in ModSecurity 1.9.3
I have just released ModSecurity for Apache 1.9.3-rc1, a release candidate, as I always do when ...
Read MoreModSecurity Elevator Pitch at EUSecWest
I spent some time this week at the EUSecWest conference here in London. EUSecWest is a ...
Read MoreWeb application firewalls primer
(IN)SECURE Magazine Issue 1.5 has just been published. I wrote the cover story, titled "Web ...
Read MoreModSecurity Rules subproject added
If you are a ModSecurity user you may have noticed that I am distributing ModSecurity without any ...
Read More