mod_security and the PHPBB worm (Santy.A)
I have been asked to design a mod_security rule to protect sites from the recent PHPBB worm. Now, I ...
Read MoreI have been asked to design a mod_security rule to protect sites from the recent PHPBB worm. Now, I ...
Read MoreFor some time now I've been working on a portable web firewall rule format as part of the OASIS WAS ...
Read MoreThey've been very quiet for a number of months and now you know what they have been doing - working ...
Read MoreApplication Vulnerability Description Language (AVDL) has been approved as an OASIS standard last ...
Read MoreO'Reilly have a new book out: Network Security Hacks. It is a really good book (I read it on Safari ...
Read MoreDhillon A. K. has written a new article about mod_security. The article is essentially a brief ...
Read MoreLast night I updated the code that provides the internal chroot functionality in mod_security. I am ...
Read MoreA new organisation has just been announced: the Web Application Security Consortium. The ...
Read MoreTechicalInfo.Net is an excellent resource for Web Security information. Gunter Ollmann has provided ...
Read MoreThis morning I got news of AVDL becoming a Committee Draft; you can get it here. AVDL (Application ...
Read MoreI am very happy to announce that I've been granted a free JIRA license to use with ModSecurity! I ...
Read MoreSyhunt, a security tool company from Brazil, have released a free Apache configuration hardening ...
Read MoreA new module has been added to the Apache CVS repository: mod_log_forensic. It is a standard module ...
Read MoreI thought a post to mark the end of the year would be in order. It has been a very good year for ...
Read MoreBuilding on the multipart/form-data support I added to mod_security the other day, today I added ...
Read MoreOver the weekend I worked on adding the multipart/form-data support to mod_security. As a result, ...
Read MoreI feel like I've reached a new milestone with mod_security. First of all, it is important to note ...
Read MoreThe new version of the script to convert Snort rules into mod_security rules is now available (from ...
Read MoreI wrote a simple Perl script to convert Snort rules to mod_security rules and published the ...
Read MoreThe last change before the 1.7 release is now in the CVS. I have refactored the code dealing with ...
Read MoreNow you can analyse cookies using new selective filtering variables (COOKIE_name, COOKIE_NAMES, ...
Read MoreThere is a new feature available in the CVS, and it allows you to mask your web server and instruct ...
Read MoreI decided to change the name of this blog to "Web Security Blog". I figured that web security is ...
Read MoreThe new output filtering functions are now in CVS. I implemented this feature for Apache 2 first ...
Read MoreI have added a new action to the CVS, called "pause". It accepts one parameter, time in ...
Read MoreI've just committed the Unicode validation feature to the CVS. It is a very good thing to have if ...
Read MoreI've just added a new feature to mod_security (CVS, both versions) that allows you to achieve a ...
Read MoreI've had quite a lot of "fun" with PHP CLI scripts the other day. As you perhaps know, there is an ...
Read More