http://www.secuobs.com Observatoire de la securite Internet fr webmaster@secuobs.com 2010-02-09 23:30:22 - xiom.com The Web Application Firewalls Information Center : Larry Suto, an application security consultant, publish a sequel to his 2007 best seller research about web application scanners In the first round Larry managed to ignite quite a controversy and drew a lot of criticism from the loosing vendors http://www.secuobs.com/revue/news/190227.shtmlhttp://www.secuobs.com/revue/news/190227.shtml Secuobs.com : 2010-02-09 22:04:20 - xiom.com The Web Application Firewalls Information Center - Chenxi Wang from Forrester has released a new WAF research According to the publicly released information Forrester sees the market as small but solid at 200M in revenues in 2009 and 10pourcents grows this year http://www.secuobs.com/revue/news/190188.shtmlhttp://www.secuobs.com/revue/news/190188.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - Breach has release a new version of ModSecurity which fixes a vulnerability that may lead to an evasion As stated in the release announcement sent to the mailing list by Brian Rectanus, by using non-standard but accepted by some platforms quoting, ModSecurity may be fooled into thinking some parameters are uploaded files http://www.secuobs.com/revue/news/183590.shtmlhttp://www.secuobs.com/revue/news/183590.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - It was only a matter of time before someone creates an in the cloud WAF based on Amazon cloud computing services Art of defence, one of the early WAF in the cloud solution provider has won the innovation race this time http://www.secuobs.com/revue/news/183589.shtmlhttp://www.secuobs.com/revue/news/183589.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - I tend to think that technical books are obsolete The rate of change in software and systems makes them outdated before they hit the bookshelves, even if these are virtual books and virtual book shelves The tedious writing, editing and publishing cycle makes a book better but old Community generated content such as blogs and forums seems to provide a much better documentation than books http://www.secuobs.com/revue/news/183588.shtmlhttp://www.secuobs.com/revue/news/183588.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - A new ModSecurity book, of for that matter WAF book, is rare enough and I was overjoyed that one ModSecuirty book was released earlier this week What can I say now that two ModSecurity books where released in the same week http://www.secuobs.com/revue/news/183587.shtmlhttp://www.secuobs.com/revue/news/183587.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - Two significant events in the database security market occurred this week On the one end of the spectrum Guardium, a late stage database security startup, was purchased by IBM for 225 million http://www.secuobs.com/revue/news/183586.shtmlhttp://www.secuobs.com/revue/news/183586.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - A remote command injection vulnerability was found in Applicure's dotDefender WAF management console The vulnerability allows an authenticated dotDefender manager to execute arbitrary commands on the protected server Exploiting the vulnerability requires to first authenticate to the server, lowering its potential risk http://www.secuobs.com/revue/news/183585.shtmlhttp://www.secuobs.com/revue/news/183585.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - DragonSoft from Taiwan has introduced what they label a Personal Web Application Firewall The new product is essentially a low cost IIS plug-in and the personal label refers to the price rather than to some desktop protection http://www.secuobs.com/revue/news/183584.shtmlhttp://www.secuobs.com/revue/news/183584.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - An enlightening case study presented by ArgoWorks, an Armorlogic reseller, highlights the benefit that PCI brings to the WAF market but also the its curse http://www.secuobs.com/revue/news/183583.shtmlhttp://www.secuobs.com/revue/news/183583.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - In a recent OWASP meeting I gave an overview presentation on how WAFs interact with cloud computing, both utilizing the cloud and protecting cloud based applications I have discussed the following scenarios http://www.secuobs.com/revue/news/183582.shtmlhttp://www.secuobs.com/revue/news/183582.shtml Secuobs.com : 2010-01-20 12:10:29 - xiom.com The Web Application Firewalls Information Center - You can find a rule set for using ModSecurity with TYPO3 installations here The rule set consists of pretty inelegant exceptions to entire rules, but at least it should enable using ModSecurity with TYPO3 http://www.secuobs.com/revue/news/183581.shtmlhttp://www.secuobs.com/revue/news/183581.shtml