Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Apache mode_security

from [Ivan Ristic] Network Security [Permanent Link]
Subject: Re: Apache mode_security
Date: Wed, 16 Nov 2005 14:55:29 +0000 
A collection of generic detection-only rules will be released on
modsecurity.org some time next week. This collection will then be
included with ModSecurity starting with 2.0. If you (or anyone else on
the list, for that matter) want to evaluate the rules before their
publication please send me a private email. I am looking for people
running complex web applications able to provide raw logs or run
ModSecurity in detection-only mode. The idea is to weed out the
remaining false positives before the rule set hits the public.

On 11/16/05, Serg Belokamen <serg.belokamen@gmail.com> wrote:

I am look at mod_security module for Apache... looks interesting so far.

Can anyone point me in the right direction, URL perhaps, in regards to
regular expression list (if one exists) to detect common attacks over
HTTP (SQL injections, XSS, etc.)

   Thanks,
      Serg



--
Ivan Ristic
Apache Security (O'Reilly) - http://www.apachesecurity.net
Open source web application firewall - http://www.modsecurity.org
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Blind SQL Injection / Stored procedures, Laramies
Next by Date:  HTTP REFERER not set in Internet Explorer, Saqib Ali
Previous by Thread:  Apache mode_security, Serg Belokamen
Next by Thread:  Re: Apache mode_security, Stefano Di Paola
Indexes:  [Date] [Thread] [Top] [All Lists]