Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ANNOUNCE] ModSecurity 1.9RC1 has been released

from [Ivan Ristic] Network Security [Permanent Link]
Subject: [ANNOUNCE] ModSecurity 1.9RC1 has been released
Date: Thu, 06 Oct 2005 11:53:50 +0100 

ModSecurity 1.9RC1 has been released. It is available for immediate
download from:

    http://www.modsecurity.org/download/

This is the first release candidate in the 1.9.x branch. A stable
release is expected on Monday, October 31. Users are encouraged to
test this release thoroughly to catch any potentially remaining
problems.


Changes (since 1.9dev4)
-----------------------

A new SecFilterSignatureAction directive was added to allow for the
separation of policy and rule metadata. It allows rules that have
custom action lists to use the list defined with this directive as
a template. Improvements were made to the multipart parser, which
is now more robust and more strict in what it accepts. Several bugs
were fixed. Code clean-ups were made and a new regression testing
tool was added.

To see a list of improvements since 1.8 visit:
http://www.modsecurity.org/blog/archives/2005/09/whats_new_in_mo.html


About ModSecurity
-----------------
ModSecurity is a web application firewall, designed to protect
vulnerable applications and reject manual and automated attacks.
It is an open source intrusion detection and prevention system. It
can work embedded in Apache, or as a standalone security device when
configured to work as part of an Apache-based reverse proxy.

Optionally, ModSecurity creates application audit logs, which contain
the full request body in addition to all other details. Requests are
filtered using regular expressions. Some of the things possible are:

  * Apply filters against any part of the request (URI,
    headers, either GET or POST)
  * Apply filters against individual parameters
  * Reject SQL injection attacks
  * Reject Cross site scripting attacks
  * Store the files uploaded through the web server, and have them
    checked by external scripts

With few general rules ModSecurity can protect from both known
and unknown vulnerabilities. A Java version is also available, which
works with any Servlet 2.3 compatible web server.

--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org






[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ANNOUNCE] ModSecurity 1.9RC1 has been released, Ivan Ristic <=
Previous by Date:  Re: What are we trying to "Benchmark" anyway? Report color, length, number of red exclamation points...., Eoin Keary
Next by Date:  (Quite a few!) volunteers needed for Turkish translation of OWASP Guide v2.0, burgun
Previous by Thread:  WASC Threat Classification in 4 languages, contact
Next by Thread:  (Quite a few!) volunteers needed for Turkish translation of OWASP Guide v2.0, burgun
Indexes:  [Date] [Thread] [Top] [All Lists]