WebSecurity Blog @ jwall.org

Positive Security Models and ModSecurity

Wed, 10 Dec 2008 20:04:19 GMT

The ModSecurity Apache tools is a powerful and effective weapon against a variety of threats to web-applications - if setup properly and fitted with the right rulesets. Unfortunately does the creation of rulesets require a lot of low-level expert knowledge, which makes rules often appear complicated and error-prone. In this blog-post I want to introduce the concept of abstract web-application profiles and provide an easy tutorial on how rulesets can be enhanced using white-listing approaches and the WebProfileEditor, developed at jwall.org.

Speaking at OWASP Conference in Frankfurt

Fri, 28 Nov 2008 08:31:45 GMT

Thanks to Thomas, Boris and Georg for re-launching the OWASP chapter Germany! The first German conference on Web-Application Security raised big interest, taking into account the little preparation time.

Having been a passive observer of OWASP and its activities in the last years I have been given the opportunity to actively take part at the OWASP conference in Frankfurt.

BugFixes in web-audit Library and AuditViewer

Wed, 19 Nov 2008 16:51:22 GMT

A few bugs have been reported in the AuditViewer all of which were related to errors in the web-audit library. These have been fixed in the current release 0.2.15 of the library.

The lastest binary release (0.3.3c) of the AuditViewer now does include the 0.2.15 version of the audit library and the bugfixes.