ModSecurity Migration Matrix
For all of you who are using ModSecurity 1.x and looking for information on migrating to Mod 2.x, ...
Read MoreFor all of you who are using ModSecurity 1.x and looking for information on migrating to Mod 2.x, ...
Read MoreOn April 11th I'm going to present a webinar on web application security, with a twist. The Webinar ...
Read MoreSince ModSecurity is based on regular expressions. Writing rules requires developing and testing ...
Read MoreThere are certain scenarios where you might want to create white-listed ModSecurity rulesets which ...
Read MoreIf you have more then 1 ModSecurity installation, you have undoubtedly run into issues with ...
Read MoreIt has been brought to our attention that a fault in the ModSecurity parsing code has been ...
Read MoreI enjoyed talked about ModSecurity (and web application firewalls) in front of the London OWASP ...
Read MoreIt is inevitable; you will run into some False Positive hits when using web application firewalls. ...
Read MoreIn my previous post I described a potential problem with web application firewalls protecting web ...
Read MoreSANS released their 6th edition of the @RISK Weekly News Letter. In it, there were a total of 44 ...
Read MoreThere was a great email posted to the ModSecurity user mail-list today that asked about ...
Read MoreAs I was reviewing the ModSecurity 2.1.0-rc7 Reference Manual I realised it did not contain some ...
Read MoreI have just packaged and released ModSecurity for Apache v2.1.0-rc7, in preparation for the first ...
Read MoreThis is a listing of Web Application Vulnerabilities that were released by SANS in their @RISK ...
Read MoreJeremiah Grossman gives an excellent overview of the top Web hacks of 2006. If you haven't been ...
Read MoreFollowing a question on the core rule set on the ModSecuirty mailing list, I would like to list ...
Read MoreA recent posting on the ModSecurity mailing list by K.C. Li is a very good excuse to discuss some ...
Read MoreIn response to many of the common questions and issues posted to the mail-list, we at Breach ...
Read MoreA while ago Federico Biancuzzi contacted me to ask if I'd be interested to give an interview for ...
Read MoreA significant event occurred on the mod-security-users mailing list in July: a large code ...
Read MoreI was asked recently to investigate performance of an ModSecurity installation in order to see if ...
Read MoreLast week I spent some time stress-testing Apache 2.2.3 configured to work as a reverse proxy. I ...
Read MoreYou can tell that I am too busy when I take almost three months to blog about something interesting ...
Read MoreBack in March 2006 I was approached by Forrester Research and invited to participate in their Q2 ...
Read MoreI just came across this and can't help but make a note about it: A web hosting package offered by ...
Read MoreVariables and collections are concepts new to ModSecurity 2. ModSecurity 1.x does allow you to use ...
Read MoreI love the command line, I do. But there are some tasks where this type of user interface is simply ...
Read MoreOne of the things I realy dislike in ModSecurity 1.x is that its anti-evasion features are ...
Read More