Breach Security Releases Latest Version of ModSecurity Open Source Web Application Firewall
3/24/2008 @ 8:27 AM
Breach Security, Inc., the leader in web application security, today announced the latest version of its open source ModSecurity web application firewall, the most deployed web application firewall in the world with over 15,000 users. The latest release, ModSecurity v2.5, offers a significant improvement in performance using set-based parallel text matching, as well as automated rule update capabilities, and a robust scripting language interface. New features include detection of credit card numbers and the ability to set policy based on the geography of an attacker.
"This latest version of ModSecurity was built with enhanced performance and flexibility to meet the demands of protecting web applications in high-volume deployments," said Ivan Ristic, ModSecurity author and chief evangelist for Breach Security, Inc. "ModSecurity v2.5 delivers improved performance to run efficiently in front of high-traffic web sites along with greater flexibility -- users can now write rules that best address the complex vulnerabilities specific to their environments."
Using set-based parallel matching, ModSecurity now processes requests much faster while using fewer resources. With ModSecurity v2.5, users can incorporate large lists of patterns, such as spam keywords and black-listed IP addresses, into ModSecurity with very little effort and without impacting performance.
In addition to performance enhancements, the new version also features an automated rule update capability. ModSecurity deployments frequently rely on rule sets obtained from third-party developers; for example, Breach Security distributes ModSecurity Core Rules freely under GPLv2. While the installation of these rule sets is quick and easy, maintenance can be difficult and time-consuming. Because changes and new discoveries are frequent in the dynamic field of web application security, the high cost of rule set maintenance is effectively reducing the usefulness of web application firewalls. To help address this problem, ModSecurity v2.5 includes a tool that can be used to periodically check a ModSecurity Rules server to ensure that rules are up-to-date.
ModSecurity v2.5 also includes Lua, a high-speed scripting language commonly used in the gaming world. By incorporating a full-blown scripting language, ModSecurity provides more flexibility to rule writers. Lua can be used to add custom anti-evasion transformations specific to the protected application, perform complex logic between conditions, and apply mathematical expressions to parameters before validating them.
New key features in ModSecurity v2.5 include:
-- Performance improvements
   o Transformation function caching -- transformation functions are an important feature of ModSecurity as they allow rules to be resistant to evasion; however, they affect rules' execution speed. Caching the result of transformation functions enables using them freely in rules without impacting performance, facilitating more robust and secure rules.
-- Credit card number detection
   o Using the industry standard Luhn formula, ModSecurity can now accurately detect credit card numbers by verifying that detected patterns are valid credit card numbers.
-- Rules based on geographical lookup of client IP addresses
   o A ModSecurity rule can now set policy based on the geography of the client accessing the web site. For example, ModSecurity can block out-of-country requests, limit them to more restricted functionality, or simply log the geographic information.
-- Content injection
   o ModSecurity can add content to HTML replies based on rules. Possible applications for HTML injections within server responses include client-side input validation, CSRF mitigation and client-side reconnaissance.
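
The credit card detection feature above pairs a pattern match with a Luhn check so that arbitrary long digit strings are not reported as card numbers. The following is an added illustration in Python, not ModSecurity's own code; the candidate regex, the function names and the sample text (built from widely published test card numbers) are assumptions made for the example.

```python
import re

# Candidate pattern (assumption): 13-16 digits, optionally split by single
# spaces or dashes, not embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    # Walk from the rightmost digit; double every second digit.
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9  # same as summing the two digits of the product
        total += d
    return total % 10 == 0

def mask(digits: str) -> str:
    """Keep only the last four digits so findings can be logged safely."""
    return "*" * (len(digits) - 4) + digits[-4:]

def find_card_numbers(text: str) -> list:
    """Return masked card numbers: pattern match first, then Luhn check."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if luhn_valid(digits):
            hits.append(mask(digits))
    return hits

# Constructed sample: an order id and a mistyped number that match the
# pattern but fail Luhn, plus two public test card numbers that pass.
SAMPLE = ("order=1234567890123456&card=4111 1111 1111 1111"
          "&ref=4111111111111112&amex=3782-822463-10005")

if __name__ == "__main__":
    for hit in find_card_numbers(SAMPLE):
        print("card number detected:", hit)
```

All four values in the sample match the digit pattern, but only the two that pass the checksum are reported.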
Other new features include:
-- Better exceptions management allowing separation between third-party rule sets such as Breach Security Core Rule Set and site-specific customization.
-- Support for central audit and audit resiliency by sending audit log data to multiple external monitoring systems such as a ModSecurity Management Appliance.
-- New transformation functions added to help combat common evasion tactics used by current web attackers.
-- PDF Universal XSS protection -- uses a one-time cryptographic token to ensure that PDF files do not have client-side XSS associated with them on the client.
About Breach Security
Breach Security, Inc. is the leading provider of real-time, continuous web application security that protects sensitive web-based information. Breach Security's products protect web applications from hacking attacks and data leakage, and ensure applications operate as intended. The company's products are trusted by thousands of organizations around the world, including leaders in finance, healthcare, ecommerce, travel, and government. For more information, please visit www.breach.com/.