Breach Security, Inc., the leader in web application security, today announced the latest version of its open source ModSecurity web application firewall, the most deployed web application firewall in the world with over 15,000 users. The latest release, ModSecurity v2.5, offers a significant improvement in performance using set-based parallel text matching, as well as automated rule update capabilities and a robust scripting language interface. New features include detection of credit card numbers and the ability to set policy based on the geographic location of an attacker.
"This latest version of ModSecurity was built with enhanced performance and flexibility to meet the demands of protecting web applications in high-volume deployments," said Ivan Ristic, ModSecurity author and chief evangelist for Breach Security, Inc. "ModSecurity v2.5 delivers improved performance to run efficiently in front of high-traffic web sites along with greater flexibility -- users can now write rules that best address the complex vulnerabilities specific to their environments."
Using set-based parallel matching, ModSecurity now processes requests much faster while using fewer resources, because a set of patterns is compiled once and the input is scanned in a single pass regardless of how many patterns the set contains. With ModSecurity v2.5, users can incorporate large lists of patterns, such as spam keywords and black-listed IP addresses, into ModSecurity with very little effort and without a matching cost that grows with the size of the list.
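As an added example written for this page (it is not part of the original announcement or of the ModSecurity distribution), the following ModSecurity 2.5 rules use the two set-based operators: @pm for an inline list of phrases and @pmFromFile for a list kept in a file, one entry per line. The file paths, the sample keywords and the rule ids are assumptions chosen for illustration.

```apacheconf
# Added example: set-based parallel matching in ModSecurity 2.5.
# Paths, rule ids and list contents are illustrative assumptions.

# Deny clients whose address appears in a blacklist file.
# @pmFromFile reads one phrase per line (blank lines and lines starting
# with '#' are ignored) and compiles the whole file into one automaton,
# so a list of tens of thousands of entries costs a single pass over
# REMOTE_ADDR rather than one regex evaluation per entry.
SecRule REMOTE_ADDR "@pmFromFile /etc/modsecurity/blacklist-ips.txt" \
    "phase:1,t:none,log,deny,status:403,id:900001,msg:'Client IP address is blacklisted'"

# Flag comment spam by matching a small inline phrase set against all
# request arguments. @pm matching is case-insensitive, so t:lowercase
# is not required for the match itself.
SecRule ARGS "@pm viagra cialis casino payday pharmacy" \
    "phase:2,t:none,log,deny,status:403,id:900002,msg:'Spam keyword in request argument'"

# A larger phrase set is easier to maintain in a file; the same file
# can be applied to several targets in one rule.
SecRule ARGS|REQUEST_HEADERS:User-Agent "@pmFromFile /etc/modsecurity/spam-keywords.txt" \
    "phase:2,t:none,log,deny,status:403,id:900003,msg:'Spam keyword (file list) in request'"
```

One caveat a practitioner should keep in mind: @pm and @pmFromFile perform substring matching, not whole-token matching. A blacklist entry of 10.0.0.1 therefore also matches a client at 10.0.0.10 or 210.0.0.1, and a keyword such as "cialis" matches "specialist". For address lists this means entries must be reviewed for prefix overlap, and for keyword lists the entries should be specific enough that accidental substrings do not cause blocks; the performance gain does not change the matching semantics.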
In addition to performance enhancements, the new version also features an automated rule update capability. ModSecurity deployments frequently rely on rule sets obtained from third-party developers; for example, Breach Security distributes the ModSecurity Core Rules freely under GPLv2. While the installation of these rule sets is quick and easy, maintenance can be difficult and time consuming. Because changes and new discoveries are frequent in the dynamic field of web application security, the high cost of rule set maintenance effectively reduces the usefulness of web application firewalls. To help address this problem, ModSecurity v2.5 includes a tool that can be run periodically to check a ModSecurity Rules server and ensure that the installed rules are up to date.
ModSecurity v2.5 also includes Lua, a high-speed scripting language commonly used in the gaming world. By incorporating a full scripting language, ModSecurity gives rule writers more flexibility. Lua can be used to add custom anti-evasion transformations specific to the protected application, to perform complex logic between conditions, and to apply mathematical expressions to parameters before validating them.
New key features in ModSecurity v2.5 include:
-- Performance improvements
   o Transformation function caching -- transformation functions are an important feature of ModSecurity because they make rules resistant to evasion, but each one costs execution time. Caching the result of transformation functions lets rule writers stack them freely without paying that cost again for every rule that uses them, which allows more robust and secure rules.
-- Credit card number detection
   o Using the industry-standard Luhn checksum, ModSecurity can now detect credit card numbers accurately by verifying that each matched digit string is a valid card number rather than an arbitrary run of digits.
-- Rules based on geographical lookup of client IP addresses
   o A ModSecurity rule can now set policy according to the geographic location of the client accessing the web site. For example, ModSecurity can block out-of-country requests, limit them to more restricted functionality, or simply log the geographic information.
-- Content injection
   o ModSecurity can add content to HTML responses based on rules. Possible applications for injecting HTML into server responses include client-side input validation, CSRF mitigation, and client-side reconnaissance.
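The following configuration fragment is an added example written for this page (it is not part of the original announcement or of the ModSecurity distribution) and wires the four key features above into working ModSecurity 2.5 rules: transformation caching, Luhn-checked credit card detection with @verifyCC, geographic policy with @geoLookup, and content injection with prepend. File paths, rule ids, the GeoIP database location, the home country code and the injected script URL are assumptions.

```apacheconf
# Added example: ModSecurity 2.5 configuration exercising the key features.
# Paths, ids, thresholds, country code and script URL are assumptions.
SecRuleEngine On
SecRequestBodyAccess On

# --- Transformation function caching -----------------------------------
# Cache the result of transformation chains so that stacking several
# anti-evasion transformations on many rules does not re-run them for
# every rule. minlen/maxlen bound which values are worth caching.
SecCacheTransformations On "minlen:32,maxlen:1024"

# A rule that is expensive without caching: five transformations over
# every argument, repeated by every other rule using the same chain.
SecRule ARGS "<script" \
    "phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,t:compressWhitespace,t:lowercase,log,deny,status:403,id:910001,msg:'Script tag in request argument'"

# --- Credit card number detection (Luhn check) --------------------------
# @verifyCC takes a regex that finds candidate digit strings and keeps only
# those that pass the Luhn checksum. A random digit string passes Luhn with
# probability 1/10, so this removes about 90% of the false positives a plain
# \d{13,16} match would produce. Scanning responses needs body access and
# a phase 4 rule.
SecResponseBodyAccess On
SecResponseBodyMimeType text/plain text/html text/xml
SecRule RESPONSE_BODY "@verifyCC \d{13,16}" \
    "phase:4,t:none,log,deny,status:403,id:910002,msg:'Credit card number in response body'"

# The same operator on request arguments, masking the number in the audit
# log (sanitiseMatched) instead of blocking the request.
SecRule ARGS "@verifyCC \d{13,16}" \
    "phase:2,t:none,log,auditlog,pass,sanitiseMatched,id:910003,msg:'Potential credit card number in request'"

# --- Geographic policy --------------------------------------------------
# Load a GeoIP country database, resolve the client address once, then
# decide on the resulting GEO collection. Private or unknown addresses do
# not resolve, the operator does not match, and GEO stays empty.
SecGeoLookupDb /usr/local/share/GeoIP/GeoLiteCity.dat
SecRule REMOTE_ADDR "@geoLookup" "phase:1,t:none,nolog,pass,id:910004"

# Just log the country for every resolved request.
SecRule GEO:COUNTRY_CODE ".*" \
    "phase:1,t:none,log,pass,id:910005,msg:'Request from country %{GEO.COUNTRY_CODE}'"

# Restrict administrative functionality to the home country (assumed GB)
# while the public part of the site keeps working for everyone. The chain
# matches only when both rules match; the disruptive action sits on the
# first rule of the chain.
SecRule REQUEST_URI "@beginsWith /admin" \
    "phase:1,t:none,chain,log,deny,status:403,id:910006,msg:'Admin access from outside GB'"
    SecRule GEO:COUNTRY_CODE "!@streq GB" "t:none"

# --- Content injection --------------------------------------------------
# Prepend a script to HTML pages of the login flow. ModSecurity makes no
# content-type check of its own, so the chained rule restricts injection
# to text/html responses; injecting into JSON, images or PDFs would corrupt
# them. What the script does (client-side validation, CSRF token handling,
# fingerprinting) is up to the site.
SecContentInjection On
SecRule REQUEST_URI "@beginsWith /login" \
    "phase:3,t:none,chain,nolog,pass,id:910007,prepend:'<script src=/static/login-check.js></script>'"
    SecRule RESPONSE_CONTENT_TYPE "@beginsWith text/html" "t:none"
```

Two deployment notes. @geoLookup operates on REMOTE_ADDR, so behind a reverse proxy or CDN it resolves the proxy's address and every request looks like it comes from the proxy's country; in that case the lookup target must be the header carrying the real client address, and that header must only be trusted from the proxy. Content injected with prepend is served to every client that receives the page, so the injected script is itself part of the attack surface and should be hosted on the site rather than a third party.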
Other new features include:
-- Better exceptions management, allowing separation between third-party rule sets such as the Breach Security Core Rule Set and site-specific customization.
-- Support for central audit and audit resiliency by sending audit log data to multiple external monitoring systems, such as a ModSecurity Management Appliance.
-- New transformation functions added to help combat common evasion tactics used by current web attackers.
-- PDF Universal XSS protection -- answers direct requests for PDF files with a redirect to a URL carrying a one-time cryptographic token, so that a PDF hosted on the site cannot be loaded from a hostile page to exploit the universal XSS flaw in the Adobe Reader browser plug-in.
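As an added example written for this page (not part of the original announcement or of the ModSecurity distribution), the fragment below shows how the remaining features fit together in a ModSecurity 2.5 deployment: vendor rules kept separate from local exceptions, concurrent audit logging forwarded to a central collector with a local copy as fallback, and PDF protection. Paths, the secret, the rule id passed to SecRuleRemoveById, and the collector location are assumptions; the mlogc configuration file itself is not shown.

```apacheconf
# Added example: exceptions, central audit logging and PDF protection.
# Paths, secret, rule ids and collector location are assumptions.

# --- Exceptions kept apart from the third-party rule set ----------------
# Include the vendor rule set untouched so that an update can replace the
# files as a whole, and keep site-specific exceptions in a local file
# loaded afterwards. SecRuleRemoveById removes a rule by id after it has
# been defined, so the vendor files never need to be edited.
Include /etc/modsecurity/core_rules/*.conf
Include /etc/modsecurity/local_exceptions.conf
# contents of local_exceptions.conf (assumed id of a vendor rule that
# false-positives on this site):
SecRuleRemoveById 960017

# --- Central audit logging with a local fallback ------------------------
# Concurrent audit logging writes one file per transaction under the
# storage directory and an index entry per transaction to the index
# target. Piping the index to mlogc, the log collector shipped with 2.5,
# forwards each entry to a central console; a second index destination
# on local disk keeps a copy if the collector or the network is down.
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
SecAuditLogParts ABCFHZ
SecAuditLogType Concurrent
SecAuditLogStorageDir /var/log/modsecurity/audit
SecAuditLog "|/usr/local/bin/mlogc /etc/modsecurity/mlogc.conf"
SecAuditLog2 /var/log/modsecurity/audit-index.log

# --- PDF Universal XSS protection ----------------------------------------
# A direct request for a PDF is answered with a redirect to the same URL
# plus a one-time token derived from the secret; only a request carrying
# a valid, unexpired token receives the file. A hostile page therefore
# cannot load the PDF directly with an XSS payload in the URL fragment.
SecPdfProtect On
SecPdfProtectMethod TokenRedirection
SecPdfProtectSecret "replace-with-a-long-random-secret"
SecPdfProtectTimeout 10
SecPdfProtectTokenName PDFTOKEN
```

The PDF secret must be unpredictable and kept out of world-readable configuration, since anyone who knows it can mint tokens. Note also that the token redirection changes the URL clients see for PDF files, which affects bookmarks, caches and any client that does not follow redirects; ModSecurity's own documentation offers SecPdfProtectMethod Forward as the alternative for such cases.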
About Breach Security
Breach Security, Inc. is the leading provider of real-time, continuous web application security that protects sensitive web-based information. Breach Security's products protect web applications from hacking attacks and data leakage, and ensure applications operate as intended. The company's products are trusted by thousands of organizations around the world, including leaders in finance, healthcare, ecommerce, travel, and government. For more information, please visit http://www.breach.com/ [1].
Links:
[1] http://www.breach.com/
[2] http://www.freshnews.com/company/breach-security