Xavier Santolaria's Library tagged modsecurity →  View Popular, Search in Google

"You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks:

* emerging-web_server.rules
* emerging-web_specific_apps.rules"

modsecurity security infosec web ids snort

"This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware Link Detection in which we will highlight a new capability within ModSecurity v2.6 that allows for removal of data within response bodies."

infosec security malware modsecurity web

One of the most under-appreciated capabilities of web application firewalls (WAFs) is traffic monitoring and analysis.  Due to the fact that WAFs have access to the full inbound request and outbound response payloads, they are able to glean valuable insight into vulnerabilities and configuration issues such as missing HttpOnly or Secure cookie flags, etc...

security modsecurity vulnerability scanning pvs osvdb

This week's installment of Detecting Malice with ModSecurity will discuss how to detect and prevent Cross-Site Request Forgery (CSRF) Attacks.

modsecurity security webapps waf firewall

"The just released CRS v2.1.0 includes Credit Card Tracking rules. These will both track legitimate credit card usage and also prevent full credit card number leakages. Much of the following data was taken from a previous blog post by Ofer Shezaf however many sections have been updated with current ModSecurity and CRS information."

modsecurity firewall waf security infosec