I was following the development of mod_security, the web application firewall, since many years and really was impressed by results and what could be achieved with it so far. What I found impressive with mod_security is that you can write things in two lines that need more complex code with other tools.


mod_security when integrated with the web server it will certainly increase your power to deal with web attacks. One of the rare tools that you can learn very fast, but need also lot of practice to profit from all its capabilities.
Why I’m talking today about mod_security ? because of its capabilities to fix security issues on websites without even going inside the code of the website itself ! The only issues that still remain is to adopt mod_security as your application firewall, then detect correctly the security problems related to your website.
More information :
ModSecurity official website
Web Security Appliance With Apache and mod_security
Introducing mod_security
Update : ModSecurity have been aquired by Breach Security ! Congrats, Ivan !

RELATED ARTICLESMORE FROM AUTHOR

2 COMMENTS

  1. I think the best move so far, at mod_security, is with the new “Core Rules” initiative. Before which, you had to get the rule set from a 3rd party, or write your own.
    The rules are still a bit to broad, and always need tweaking. But I’m sure things are moving forward.
    I wonder if its feasible to create a GUI app to manage and create new rules.

  2. I think the best move so far, at mod_security, is with the new “Core Rules” initiative. Before which, you had to get the rule set from a 3rd party, or write your own.
    The rules are still a bit to broad, and always need tweaking. But I’m sure things are moving forward.
    I wonder if its feasible to create a GUI app to manage and create new rules.

LEAVE A REPLY

Please enter your comment!
Please enter your name here