Developing effective ModSecurity rule sets is often an iterative process, and there may be many ways to get the exact same result. This article discusses several alternatives for testing ModSecurity rules. […]
Adopting OWASP CRS for your web site/app
Intro to the Core Rule Set. The OWASP ModSecurity Core Rule Set (CRS) is a set of attack and anomaly detection rules to protect web applications. The CRS in its latest […]
ModSecurity, ELK and A10:2017
ModSecurity as a WAF. ModSecurity is open source, has many awesome features, and is often used as a reference and as a component of some WAFs. The 2017 Magic Quadrant […]
Java serialization RCE detection
Java serialization Remote Command Execution detection ModSecurity rules. In 2015, an interesting article published by the Foxglove Security team put a vulnerability that exploited Java serialization in the spotlight, which was […]
WAF, yes, but why?
Web application firewalls (WAFs) are being adopted by many as the first line of defense for their applications and platforms. That is no doubt good, but there are several questions […]