security


OWASP ModSecurity Core Rules: Comparing 2.2.x and 3.0.0-dev

It has been a while since we have seen big development in the OWASP ModSecurity Core Rules. This is due to the fact, that the development took place in a separate branch named 3.0.0-dev which adopts many of the newer features and operators included in ModSecurity since 2.7; notably @detectSQLi and @detectXSS. When you take […]


Conference Report “Cyber Risks Switzerland 2015”

November 2, 2015, saw this years edition of the conference Cyber-Risks Switzerland organised by MELANI. While the last year’s edition presented a lot of interesting and promising ideas, this year brought concepts in draft stage, first reports from the frontline, lessons learnt at law enforcement and a batch of reports in finalised state. It’s all […]


Talking Risk in Information Technology

Domenico Salvati and Adrian Leuenberger of DefCon Switzerland ran a workshop on corporate risk management in Zurich. This one-day event addressed two goals: To present a model of risk “compatible” with upper management in order to allow techies to talk with high-ranked business representatives. To talk about a second model which measures and calculates probabilities […]


Reporting from the Convention “Cyber Risks Switzerland 2014”

This is a brief report from the convention Cyber Risks Switzerland 2014 (Tagung Cyber Risiken Schweiz), Berne November 20, 2014. The conference, organised by ISB/MELANI, was meant to give some insight into the implementation of the various tasks formulated in the National Cyber Strategy (NCS). Meeting and networking between all sorts of players in the […]


Malware Workshop With Roberto Perdisci And MELANI

Roberto Perdisci is an expert on botnets and malware infections at the University of Georgia. He came to Switzerland to present his Amico Open Source Software at Swiss Cyberstorm 2014 and I (Christian Folini here) had the pleasure to host a workshop with him and several malware specialists from MELANI, the Federal Swiss Reporting and […]