Secure Coding mailing list archives
Re: [Owasp-leaders] ModSecurity Important Update
From: Jim Manico <jim.manico () owasp org>
Date: Wed, 30 Mar 2011 09:30:09 -0700
Folks, Arshan Dabirsiaghi from Aspect deserves the real credit. He wrote this originally as a stand alone module. We at ESAPI twisted his arm to add it to ESAPI, and now we are splitting it out. (Sorry Arshan) - Jim
Some additional cool news the OWASP Java WAF (http://code.google.com/p/owasp-java-waf/) project team (Jim Manico and Juan Carlos Calderon) have agreed to work on a ModSecurity porting effort. This means that the OWASP Java WAF will be able to support a subset of the ModSecurity Rules Language, and thus, would allow Java web app users to directly utilizes the OWASP ModSecurity Core Rule Set (CRS). I am excited to work with Jim and Juan Carlos on this effort! Thanks guys, Ryan From: Tom Brennan <tomb () owasp org> Reply-To: <owasp-leaders () lists owasp org> Date: Wed, 30 Mar 2011 10:34:45 -0400 To: OWASP Leaders <owasp-leaders () lists owasp org>, <sc-l () securecoding org> Cc: Ryan Barnett <rbarnett () trustwave com> Subject: [Owasp-leaders] ModSecurity Important UpdateGuys, To facilitate further development and technological enhancements, ModSecurity has moved to Apache Software License v2. This non-viral open source license will now make it easier to implement ModSecurity with existing Apache programs and custom solutions, as well as community users to contribute code updates. This new licensing affects ModSecurity v2.6 (available in SVN trunk repository) and all subsequent code bases. Additional new capabilities currently available in v2.6 include: * Google Safe-Browsing API Integration: Protection for users and content providers from malicious links * Sensitive Data Tracking: Ability to identify and track US Social Security numbers * Data Modification: Ability to change data on-the-fly, before delivery, in order to better control outgoing content according to security policies For more information see: https://www.trustwave.com/pressReleases.php?n=new-modsecurity-release-includes -key-data-protection-advancements andhttp://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Projec> t- Brennan _______________________________________________ OWASP-Leaders mailing list OWASP-Leaders () lists owasp org https://lists.owasp.org/mailman/listinfo/owasp-leaders_______________________________________________ OWASP-Leaders mailing list OWASP-Leaders () lists owasp org https://lists.owasp.org/mailman/listinfo/owasp-leaders
_______________________________________________ Secure Coding mailing list (SC-L) SC-L () securecoding org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
Current thread:
- Re: [Owasp-leaders] ModSecurity Important Update Jim Manico (Mar 30)