Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

7/25/2012
04:45 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Micro​soft/Trust​wave Expand ModSecurit​y To IIS And Nginx Servers

ModSecurity is a free, open source Web application firewall

CHICAGO– July 25, 2012 – Trustwave, a leading provider of cloud-based compliance and information security solutions, today announced that the popular, open source ModSecurity® Web Application Firewall now supports the top three Web server platforms, including new support for Microsoft’s Internet Information Services (IIS) and Nginx, in addition to existing support for Apache Web servers. Trustwave collaborated with the Microsoft Security Response Center (MSRC) to extend the reach of ModSecurity to Microsoft IIS.

Web applications allow companies to use the power of the Internet to conduct business and interface with a larger market, delivering a better user experience for their customers and partners. With this growth in usage, attackers are targeting Web applications to break into the core of an organization and gain access to its privileged information.

ModSecurity is a free, open source Web application firewall (WAF) that is continuously developed and managed by SpiderLabs, Trustwave's advanced security team. This open source technology enforces security policies to Web transactions, reducing the risk of Web-based attacks. As an open source technology, users and developers contribute to the community to help maintain a sustainable solution that defends Web applications.

"Having ModSecurity available for these additional platforms will help organizations protect their Web applications from attacks," said Nicholas J. Percoco, senior vice president and head of Trustwave SpiderLabs. "As the principal custodian of the ModSecurity open source product, we believe this new support for Microsoft IIS and Nginx will further expand the popularity of the industry’s open-source Web application firewall.”

Trustwave’s participation in the Microsoft Active Protections Program (MAPP), a program for security software providers, gives Trustwave early insight into “Patch Tuesday” vulnerabilities. Trustwave SpiderLabs uses this insight to develop protections for Trustwave products, including Trustwave’s managed security services and its Web application firewalls, Web Defend and ModSecurity.

"It is critical for organizations to address identified Web application vulnerabilities as soon as possible," added Percoco. "ModSecurity is an excellent tool for addressing the vulnerability before the Web application can be updated. Our update for ModSecurity is another testament to Trustwave’s commitment to helping organizations secure their applications and data.”

ModSecurity is a viable option for organizations such as hosting providers that have multiple customers using Web applications or companies that want a deeply customized Web application firewall to protect their Web application environment.

Trustwave also offers a proprietary Web application firewall called Trustwave Web Defend, which gives organizations a simplified and easy-to-install Web application firewall that offers out-of-the-box reporting, a graphical user interface, and secured integration with Trustwave SIEM. Trustwave WebDefend can be purchased as a stand-alone product, or as a component of the Trustwave360 Application Security program, which combines secure code training, application penetration testing and code review with the Trustwave Web Defend Web application firewall.

Supporting this announcement, Greg Wroblewski of Microsoft’s Security Response Center and Ryan Barnett of Trustwave SpiderLabs will present: “ModSecurity as a Universal Cross-Platform Web Protection Tool,” and give live demonstrations as part of Arsenal Tools at the Black Hat USA2012 security conference in Las Vegas, today, July 25.

The latest version of ModSecurity is currently available at http://www.modsecurity.org/download/.

About Trustwave

Trustwave is a leading provider of compliance, Web, application, network and data security solutions delivered through the cloud, managed security services, software and appliances. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its TrustKeeper® portal and other proprietary security solutions. Trustwave has helped hundreds of thousands of organizations--ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers--manage compliance and secure their network infrastructures, data communications and critical information assets. Trustwave is headquartered in Chicago with offices worldwide. For more information, visit https://www.trustwave.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
8/2/2012 | 12:19:07 PM
re: Micro​soft/Trust​wave Expand ModSecurit​y To IIS And Nginx Servers


We think that WAF is not a solution to the application
security problem challenging us today. WAFs have their place, we canGt deny it,
but that is just a small part of the story. For more information about our
vision, we invite you to read the following article: http://blog.securityinnovation...
-

Attackers Leave Stolen Credentials Searchable on Google
Kelly Sheridan, Staff Editor, Dark Reading,  1/21/2021
How to Better Secure Your Microsoft 365 Environment
Kelly Sheridan, Staff Editor, Dark Reading,  1/25/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: We need more votes, check the obituaries.
Current Issue
2020: The Year in Security
Download this Tech Digest for a look at the biggest security stories that - so far - have shaped a very strange and stressful year.
Flash Poll
Assessing Cybersecurity Risk in Today's Enterprises
Assessing Cybersecurity Risk in Today's Enterprises
COVID-19 has created a new IT paradigm in the enterprise -- and a new level of cybersecurity risk. This report offers a look at how enterprises are assessing and managing cyber-risk under the new normal.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-3272
PUBLISHED: 2021-01-27
jp2_decode in jp2/jp2_dec.c in libjasper in JasPer 2.0.24 has a heap-based buffer over-read when there is an invalid relationship between the number of channels and the number of image components.
CVE-2021-3317
PUBLISHED: 2021-01-26
KLog Server through 2.4.1 allows authenticated command injection. async.php calls shell_exec() on the original value of the source parameter.
CVE-2013-2512
PUBLISHED: 2021-01-26
The ftpd gem 0.2.1 for Ruby allows remote attackers to execute arbitrary OS commands via shell metacharacters in a LIST or NLST command argument within FTP protocol traffic.
CVE-2021-3165
PUBLISHED: 2021-01-26
SmartAgent 3.1.0 allows a ViewOnly attacker to create a SuperUser account via the /#/CampaignManager/users URI.
CVE-2021-1070
PUBLISHED: 2021-01-26
NVIDIA Jetson AGX Xavier Series, Jetson Xavier NX, TX1, TX2, Nano and Nano 2GB, L4T versions prior to 32.5, contains a vulnerability in the apply_binaries.sh script used to install NVIDIA components into the root file system image, in which improper access control is applied, which may lead to an un...