ModSecurity Elevator Pitch at EUSecWest

Posted by ivanr on February 24, 2006.

I spent some time this week at the EUSecWest conference here in London. EUSecWest is a highly-technical security conference. Organised by the same people that are doing CanSecWest, this is the first time they had a conference here in Europe. From what I hear, they liked it, so it's likely there will be another one next year.

The organisers were kind to invite me to give a short vendor talk: ten minutes of me explaining why ModSecurity is the best thing since sliced bread, followed by ten minutes of the audience asking questions. (You'll find the slides for my talk here: ModSecurity Elevator Pitch). Now, I am not your typicall vendor, but I jumped at the opportunity and it was fun. An advantage of doing an open source product is your audience can't complain about the price, especially when there's optional commercial support to go with the product. I thought the audience liked my proposal. Perhaps that's because I was "selling" ModSecurity to do tasks it really can do :)

Posted by ivanr at 05:18 PM

Archive of Amit Klein's Work

Posted by ivanr on February 06, 2006.

Amit Klein is at it again with the release of his new paper Domain Contamination. The paper discusses how the HTTP caching mechanisms we have in wide use today work equally well for distribution and preservation of malicious content.

In case you are not familiar with Amit's work, he is one of the most productive web application security researchers I know. But up until last week there was not a single place where you could find his papers. So I decided to collect them and upload them to http://www.modsecurity.org/archive/amit/. (With his permission, of course.)

Posted by ivanr at 10:18 AM