Geek(Wisdom).com

I spent the last week importing ModSecurity's source code repository into subversion at Source Forge. I am proud to announce that a read-only version of ModSecurity's subversion repository is now publicly available. In addition to this, Atlassian has graciously given...

This year, the OWASP's Summer of Code event contains one project that's of particular interest to me (and possibly to you, consider that you're following this blog): Securing WebGoat Using ModSecurity. If you've even seen WebGoat (a learning sandbox that...

In a few weeks' time I will present my favourite talk, Web Intrusion Detection with ModSecurity, at the ApacheCon US 2008 in New Orleans: Intrusion detection is a well-known network security technique--it introduces monitoring and correlation devices to networks, enabling...

I will be giving the updated version of our ModProfiler presentation this Sunday (14th) at the OWASP Israel 2008 conference. ModProfiler has seen a release or two since Black Hat (where it was announced) so I can now speak with...

Several years ago, a few more than I'd like to admit, I realised our chances for writing completely secure web applications are extremely slim; virtually non-existent. We can certainly try—and many are making heroic efforts—but nothing good can come out...

Back in May, at AppSec OWASP in Ghent, I listened to Alexander Meisel (who was presenting on behalf of OWASP Germany) talk about best practices for web application firewall deployment. The interesting talk was backed by a larger document, which...

I am happy to announce that we've just launched a public issue tracking facility for ModSecurity. It's available at https://www.modsecurity.org/tracker/. We've selected JIRA for this purpose, not only because it is the best issue tracking product our there, but also...