PHP chapter from Apache Security available for download
I have made the PHP chapter from Apache Security available for free download. When we made the ...
Read MoreMore on impedance mismatch
Recently there has been increased interest in the impedance mismatch problem, which occurs between ...
Read MoreThe future of web application firewalls
It always pays off to visit Richard Bejtlich's blog once in a while. (Or, even better, subscribe to ...
Read MoreExternal Web Application Protection: Impedance Mismatch
Web application firewalls have a difficult job trying to make sense of data that passes by, without ...
Read MoreMod_security 1.8.7RC2 available
Second release candidate for mod_security 1.8.7 is available for download. I performed a detailed ...
Read MoreModSecurity for Java Milestone 3 now available
I have just released an updated version of ModSecurity for Java. This version implements the core ...
Read Moremod_security and the PHPBB worm (Santy.A)
I have been asked to design a mod_security rule to protect sites from the recent PHPBB worm. Now, I ...
Read MorePortable web firewall rule format
For some time now I've been working on a portable web firewall rule format as part of the OASIS WAS ...
Read MoreWASC releases Threat Classification
They've been very quiet for a number of months and now you know what they have been doing - working ...
Read MoreAVDL becomes a standard
Application Vulnerability Description Language (AVDL) has been approved as an OASIS standard last ...
Read MoreNetwork Security Hack #93: mod_security
O'Reilly have a new book out: Network Security Hacks. It is a really good book (I read it on Safari ...
Read MoreModSecurity audit log to MySQL parser
Dhillon A. K. has written a new article about mod_security. The article is essentially a brief ...
Read MoreChroot support significantly improved in v1.8
Last night I updated the code that provides the internal chroot functionality in mod_security. I am ...
Read MoreWeb Application Security Consortium Announced
A new organisation has just been announced: the Web Application Security Consortium. The ...
Read MorePaper on passive information gathering
TechicalInfo.Net is an excellent resource for Web Security information. Gunter Ollmann has provided ...
Read MoreAVDL Committee Draft is out
This morning I got news of AVDL becoming a Committee Draft; you can get it here. AVDL (Application ...
Read MoreJIRA license for ModSecurity
I am very happy to announce that I've been granted a free JIRA license to use with ModSecurity! I ...
Read MoreFree Apache hardening utility
Syhunt, a security tool company from Brazil, have released a free Apache configuration hardening ...
Read MoreNew Apache module: mod_log_forensic
A new module has been added to the Apache CVS repository: mod_log_forensic. It is a standard module ...
Read MoreEnd of year post!
I thought a post to mark the end of the year would be in order. It has been a very good year for ...
Read MoreFile interception supported
Building on the multipart/form-data support I added to mod_security the other day, today I added ...
Read MoreMultipart support added
Over the weekend I worked on adding the multipart/form-data support to mod_security. As a result, ...
Read MoreA milestone reached
I feel like I've reached a new milestone with mod_security. First of all, it is important to note ...
Read MoreUpdated the Snort rules conversion script
The new version of the script to convert Snort rules into mod_security rules is now available (from ...
Read MoreConverted Snort rules to mod_security rules
I wrote a simple Perl script to convert Snort rules to mod_security rules and published the ...
Read MoreEnhanced rules now available
The last change before the 1.7 release is now in the CVS. I have refactored the code dealing with ...
Read MoreCookie parsing added
Now you can analyse cookies using new selective filtering variables (COOKIE_name, COOKIE_NAMES, ...
Read MoreMasking your web server
There is a new feature available in the CVS, and it allows you to mask your web server and instruct ...
Read More