Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [Owasp-leaders] ModSecurity Important Update

From: Jim Manico <jim.manico () owasp org>
Date: Wed, 30 Mar 2011 09:30:09 -0700
Folks,

Arshan Dabirsiaghi from Aspect deserves the real credit. He wrote this
originally as a stand alone module. We at ESAPI twisted his arm to add
it to ESAPI, and now we are splitting it out. (Sorry Arshan)

- Jim



Some additional cool news ­ the OWASP Java WAF
(http://code.google.com/p/owasp-java-waf/) project team (Jim Manico and Juan
Carlos Calderon) have agreed to work on a ModSecurity porting effort.  This
means that the OWASP Java WAF will be able to support a subset of the
ModSecurity Rules Language, and thus, would allow Java web app users to
directly utilizes the OWASP ModSecurity Core Rule Set (CRS).

I am excited to work with Jim and Juan Carlos on this effort!

Thanks guys,
Ryan

From:  Tom Brennan <tomb () owasp org>
Reply-To:  <owasp-leaders () lists owasp org>
Date:  Wed, 30 Mar 2011 10:34:45 -0400
To:  OWASP Leaders <owasp-leaders () lists owasp org>, <sc-l () securecoding org>
Cc:  Ryan Barnett <rbarnett () trustwave com>
Subject:  [Owasp-leaders] ModSecurity Important Update


Guys, 


To facilitate further development and technological enhancements, ModSecurity
has moved to Apache Software License v2. This non-viral open source license
will now make it easier to implement ModSecurity with existing Apache programs
and custom solutions, as well as community users to contribute code updates.
This new licensing affects ModSecurity v2.6 (available in SVN trunk
repository) and all subsequent code bases.
Additional new capabilities currently available in v2.6 include:
* Google Safe-Browsing API Integration: Protection for users and content
providers from malicious links
* Sensitive Data Tracking: Ability to identify and track US Social Security
numbers
* Data Modification: Ability to change data on-the-fly, before delivery, in
order to better control outgoing content according to security policies
For more information see:

https://www.trustwave.com/pressReleases.php?n=new-modsecurity-release-includes
-key-data-protection-advancements

and



http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Projec>
t


- Brennan
_______________________________________________ OWASP-Leaders mailing list
OWASP-Leaders () lists owasp org
https://lists.owasp.org/mailman/listinfo/owasp-leaders






_______________________________________________
OWASP-Leaders mailing list
OWASP-Leaders () lists owasp org
https://lists.owasp.org/mailman/listinfo/owasp-leaders


_______________________________________________
Secure Coding mailing list (SC-L) SC-L () securecoding org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________
Previous By Date Next
Previous By Thread Next

Current thread: