This post is about my experience playing KringleCon for the first time in 2020. Just a few words about the challenge, and there is a link to my writeup of the challenges describing my approach to solving them.
CyberSecurity trainings and certifications
Over 18 years ago I started working in different activities around information security like access controls, proxy, firewalls, AV, network monitoring, etc. At that time, I was reading user manuals, […]
Testing ModSecurity rules
Developing effective ModSecurity rule sets is often an iterative process; there may be many ways to get the exact same result. This article discusses several alternatives to test ModSecurity rules. […]
My SANS Netwars Tournament experience
Attending a SANS conference for a training is a very rewarding opportunity; it is quite expensive, but you receive the best quality training with very qualified instructors with a lot […]
Adopting OWASP CRS for your web site/app
Intro to the Core Rule Set: OWASP ModSecurity Core Rule Set (CRS) is a set of attack and anomaly detection rules to protect web applications. The CRS in its latest […]
ModSecurity, ELK and A10:2017
ModSecurity as a WAF: ModSecurity is open source, has many awesome features and is often used as a reference and as a component of some WAFs. The 2017 Magic Quadrant […]
Java serialization RCE detection
Java serialization Remote Command Execution detection ModSecurity rules: In 2015 an interesting article published by the Foxglove Security team put a vulnerability that exploited Java serialization in the spotlight, which was […]
WAF, yes, but why?
Web application firewalls (WAF) are being adopted by many as the first line of defense for their applications and platforms; that is good, no doubt, but there are several questions […]
New project
Welcome to the ModSecurity Positive rule set site! The project's purpose is to provide an easy way to write your own custom ModSecurity rules without having to be an expert […]