This is a blog post about the OWASP ModSecurity Core Rules. The rule 981173 was recently updated in the 2.9 core rule branch to reduce the uuid induced false positives for the rule. Uuids are indeed a major source of false positives on this rule, also in installations I know. The said update pulled in […]
November 2, 2015, saw this years edition of the conference Cyber-Risks Switzerland organised by MELANI. While the last year’s edition presented a lot of interesting and promising ideas, this year brought concepts in draft stage, first reports from the frontline, lessons learnt at law enforcement and a batch of reports in finalised state. It’s all […]
The minutes of the first ModSecurity Developer Community Meeting have been posted online at https://www.modsecurity.org/developers/meetings/modsecurity.2015-10-14-19.06.html. A tiny patch fixing the ModSecurity / Apache logformat has been accepted into the next ModSecurity release 2.9.1. So we are technically part of the developer community, but our participation goes far deeper than the coding. See the transcript. […]
Domenico Salvati and Adrian Leuenberger of DefCon Switzerland ran a workshop on corporate risk management in Zurich. This one-day event addressed two goals: To present a model of risk “compatible” with upper management in order to allow techies to talk with high-ranked business representatives. To talk about a second model which measures and calculates probabilities […]