Slashdot Mirror

← Back to Domains

Domain: modsecurity.org

Stories and comments across the archive that link to modsecurity.org.

Stories · 6

  1. OWASP ModSecurity Core Rule Set Version 3.0 Released (modsecurity.org)

    News · Security · · posted by EditorDavid · from the building-a-firewall dept. · 17 comments
    Need a new set of generic attack detection rules for your web application firewall? Try the new OWASP ModSecurity Core Rule Set version 3.0.0! Long-time Slashdot reader dune73 writes: The OWASP CRS is a widely-used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity. Four years in the making, this release comes with dozens of new features including reduced false positives (by over 90% in the default setup), improved detection of SQLi, XSS, RCE and PHP injections, the introduction of a Paranoia Mode which allows assigning a certain security level to a site, and better documentation that takes the pain out of ModSecurity.
    There's rumors this new rule set is even being made into a movie

  2. OWASP ModSecurity Core Rule Set Version 3.0 Released (modsecurity.org)

    News · Security · · posted by EditorDavid · from the building-a-firewall dept. · 17 comments
    Need a new set of generic attack detection rules for your web application firewall? Try the new OWASP ModSecurity Core Rule Set version 3.0.0! Long-time Slashdot reader dune73 writes: The OWASP CRS is a widely-used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity. Four years in the making, this release comes with dozens of new features including reduced false positives (by over 90% in the default setup), improved detection of SQLi, XSS, RCE and PHP injections, the introduction of a Paranoia Mode which allows assigning a certain security level to a site, and better documentation that takes the pain out of ModSecurity.
    There's rumors this new rule set is even being made into a movie

  3. OWASP ModSecurity Core Rule Set Version 3.0 Released (modsecurity.org)

    News · Security · · posted by EditorDavid · from the building-a-firewall dept. · 17 comments
    Need a new set of generic attack detection rules for your web application firewall? Try the new OWASP ModSecurity Core Rule Set version 3.0.0! Long-time Slashdot reader dune73 writes: The OWASP CRS is a widely-used Open Source set of generic rules designed to protect users against threats like the OWASP Top 10. The rule set is most often deployed in conjunction with an existing Web Application Firewall like ModSecurity. Four years in the making, this release comes with dozens of new features including reduced false positives (by over 90% in the default setup), improved detection of SQLi, XSS, RCE and PHP injections, the introduction of a Paranoia Mode which allows assigning a certain security level to a site, and better documentation that takes the pain out of ModSecurity.
    There's rumors this new rule set is even being made into a movie

  4. Ivan Ristic and SSL Labs: How One Man Changed the Way We Understand SSL

    It · Security · · posted by samzenpus · from the man-with-the-plan dept. · 25 comments
    An anonymous reader writes: Ivan Ristic is well-known in the information security world, and his name has become almost a synonym for SSL Labs, a project he started in early 2009. Before that, he was mostly known for his work with OWASP and the development of the wildly popular open source web application firewall ModSecurity. While SSL Labs was something Ristic worked on in his spare time, over time it became his main focus. In fact, over the years, the project incorporated a great number of checks that are impossible to perform manually. It's a game changer because, to assess your TLS configuration, you don't need to be an expert. Read the story about the project's evolution on Help Net Security.

  5. New Apache Module For Web Intrusion Detection

    Tech · Security · · posted by timothy · from the driven-by-the-forces-of-evil dept. · 49 comments
    ivan.ristic writes "Mod_security 1.7 has been released. Mod_security is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. The latest release adds output scanning to Apache 2.x; the ability to analyze cookies; functionality to change the identity of the web server; several new actions for rule grouping; new null-byte attack anti-evasion code."

  6. New Apache Module For Web Intrusion Detection

    Tech · Security · · posted by timothy · from the driven-by-the-forces-of-evil dept. · 49 comments
    ivan.ristic writes "Mod_security 1.7 has been released. Mod_security is an open source intrusion detection and prevention engine for web applications. It operates embedded into the web server, acting as a powerful umbrella - shielding applications from attacks. The latest release adds output scanning to Apache 2.x; the ability to analyze cookies; functionality to change the identity of the web server; several new actions for rule grouping; new null-byte attack anti-evasion code."