ModSecurity Migration Matrix

Posted by rcbarnett on April 10, 2007.

For all of you who are using ModSecurity 1.x and looking for information on migrating to Mod 2.x, we have posted a migration matrix document that will help. The PDF document is listed under the "Documentation" page on the Mod site. Here is a direct link - ModSecurity Migration Matrix.

Please send comments and feedback to the mail-list.

Posted by rcbarnett at 06:16 PM

Webinar Featuring WHID on the Top Trends in Web Application Threats

Posted by ofer on April 02, 2007.

On April 11th I’m going to present a webinar on web application security, with a twist. The Webinar will outline the top threats to web sites in 2006 and will predict the trends of web attacks for 2007, but while most discussions of web site security vulnerabilities traditionally focused on the technical complexity of these attacks this time I will try to focus on the business impact of the vulnerabilities.

The traditional “techie” approach is to an extent based on “fear factor” and does not provide tools to assess the risk associated with web application vulnerabilities and therefore the effort and resources required to mitigate them.

This WebEx will use the Web Hacking Incident Database to prioritize web based attacks based on their actual business impact by examining past web site break-ins. The presentation will unveil a major upgrade to the Web Hacking Incident Database project, a Web Application Security Consortium project that documents known web site security incidents. The new upgrade will add business impact information to each incident in addition to the technical information available today.

The WebEx is targeted both at decision makers faced with the dilemma of budgeting web application security mitigation as well as consultants & security professionals tasked with performing risk assessment to web sites and web based applications.

Further details and registration at Breach Security Webinar Center

Posted by ofer at 01:55 PM