Massive performance improvements for Apache 1.x users in ModSecurity 1.9.2-rc2
Some ModSecurity users like to run really large rule sets, where the number of rules runs into ...
Read More
ModSecurity 1.9 article on O'Reilly Network
My article ("What's New in ModSecurity"), which describes the most important improvements in 1.9, ...
Read MorePositive security model in ModSecurity
One of the major improvements in the next release of ModSecurity (v2.0) will be the support for a ...
Read MoreModSecurity for Apache 1.9 has been released!
Finally. I already wrote about many new features available in this release. Relieved from the ...
Read MoreDraft from the Web Application Firewall Evaluation Criteria project
The web application firewall (WAF) market is a bit confusing at the moment since it is not clear ...
Read MoreA few more features made it into ModSecurity 1.9
A small number of new features made it into 1.9 at the very last minute. Initially I intended to ...
Read MoreApache 2.1.7 beta released
A new beta version of the Apache web server has been released. This release is important because it ...
Read MoreWhat's new in ModSecurity 1.9
You may have noticed it's been a while since ModSecurity has had a major release. This does not ...
Read MorePortable Web Application Firewall Rule Format News
As some of you may know, I've been working on the portable web application firewall (WAF) rule ...
Read MoreMajor updates to ModSecurity in 1.9dev3
This version implements the final batch of major improvements to the 1.9.x series. These include a ...
Read MoreImprovements to the Servlet specification
A while ago Greg Murray (the Servlet specification lead) asked for ideas for Servlet improvements. ...
Read MoreWeb Security Improvement Ideas
I have been keeping a list of web security improvement ideas for some time now. It's a list that ...
Read MorePHP chapter from Apache Security available for download
I have made the PHP chapter from Apache Security available for free download. When we made the ...
Read MoreMore on impedance mismatch
Recently there has been increased interest in the impedance mismatch problem, which occurs between ...
Read MoreThe future of web application firewalls
It always pays off to visit Richard Bejtlich's blog once in a while. (Or, even better, subscribe to ...
Read MoreExternal Web Application Protection: Impedance Mismatch
Web application firewalls have a difficult job trying to make sense of data that passes by, without ...
Read MoreMod_security 1.8.7RC2 available
Second release candidate for mod_security 1.8.7 is available for download. I performed a detailed ...
Read MoreModSecurity for Java Milestone 3 now available
I have just released an updated version of ModSecurity for Java. This version implements the core ...
Read Moremod_security and the PHPBB worm (Santy.A)
I have been asked to design a mod_security rule to protect sites from the recent PHPBB worm. Now, I ...
Read MorePortable web firewall rule format
For some time now I've been working on a portable web firewall rule format as part of the OASIS WAS ...
Read MoreWASC releases Threat Classification
They've been very quiet for a number of months and now you know what they have been doing - working ...
Read MoreAVDL becomes a standard
Application Vulnerability Description Language (AVDL) has been approved as an OASIS standard last ...
Read MoreNetwork Security Hack #93: mod_security
O'Reilly have a new book out: Network Security Hacks. It is a really good book (I read it on Safari ...
Read MoreModSecurity audit log to MySQL parser
Dhillon A. K. has written a new article about mod_security. The article is essentially a brief ...
Read MoreChroot support significantly improved in v1.8
Last night I updated the code that provides the internal chroot functionality in mod_security. I am ...
Read MoreWeb Application Security Consortium Announced
A new organisation has just been announced: the Web Application Security Consortium. The ...
Read MorePaper on passive information gathering
TechicalInfo.Net is an excellent resource for Web Security information. Gunter Ollmann has provided ...
Read MoreAVDL Committee Draft is out
This morning I got news of AVDL becoming a Committee Draft; you can get it here. AVDL (Application ...
Read More