Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/4/2011
01:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ModSecurity WAF Gets New Features

ModSecurity is a free, open-source web application firewall engine for Apache

CHICAGO (March 30, 2011) – Trustwave, a leading provider of information security and compliance solutions, today announced updates and feature enhancements to ModSecurity, the most widely deployed web application firewall.

ModSecurity is a free, open source web application firewall (WAF) engine for Apache that is continuously developed and managed by SpiderLabs, Trustwave’s advanced security team. This open source technology enforces security policies to web transactions, reducing the risk of a web-based attack. As an open source technology, users and developers alike contribute to the community to help maintain a sustainable solution that defends web applications.

To facilitate further development and technological enhancements, ModSecurity has moved to Apache Software License v2. This non-viral open source license will now make it easier to implement ModSecurity with existing Apache programs and custom solutions, as well as community users to contribute code updates. This new licensing affects ModSecurity v2.6 (available in SVN trunk repository) and all subsequent code bases.

Additional new capabilities currently available in v2.6 include:

>> Google Safe-Browsing API Integration: Protection for users and content providers from malicious links

>> Sensitive Data Tracking: Ability to identify and track US Social Security numbers

>> Data Modification: Ability to change data on-the-fly, before delivery, in order to better control outgoing content according to security policies

“As the primary custodians of ModSecurity, we are responsible for providing the best possible user experience,” said Robert J. McCullen, chairman and CEO of Trustwave. “These enhancements provide users and contributors with a more secure web application firewall to help protect their organizations from attack.”

“As an Apache module, the transition to Apache Software License v2 will help cloud security providers implement ModSecurity to protect their customers web-based assets,” said Nicholas J. Percoco, senior vice president and head of SpiderLabs. “As we continue to develop and enhance ModSecurity, we’re making source code available to encourage users and contributors to try the new version.”

Please visit the ModSecurity SVN Repository [http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/] to download the latest version of ModSecurity.

About Trustwave

Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper' compliance management software and other proprietary security solutions including EV SSL certificates and secure digital certificates. Trustwave has helped thousands of organizations–ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Manchester United Suffers Cyberattack
Dark Reading Staff 11/23/2020
As 'Anywhere Work' Evolves, Security Will Be Key Challenge
Robert Lemos, Contributing Writer,  11/23/2020
Cloud Security Startup Lightspin Emerges From Stealth
Kelly Sheridan, Staff Editor, Dark Reading,  11/24/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-20934
PUBLISHED: 2020-11-28
An issue was discovered in the Linux kernel before 5.2.6. On NUMA systems, the Linux fair scheduler has a use-after-free in show_numa_stats() because NUMA fault statistics are inappropriately freed, aka CID-16d51a590a8c.
CVE-2020-29368
PUBLISHED: 2020-11-28
An issue was discovered in __split_huge_pmd in mm/huge_memory.c in the Linux kernel before 5.7.5. The copy-on-write implementation can grant unintended write access because of a race condition in a THP mapcount check, aka CID-c444eb564fb1.
CVE-2020-29369
PUBLISHED: 2020-11-28
An issue was discovered in mm/mmap.c in the Linux kernel before 5.7.11. There is a race condition between certain expand functions (expand_downwards and expand_upwards) and page-table free operations from an munmap call, aka CID-246c320a8cfe.
CVE-2020-29370
PUBLISHED: 2020-11-28
An issue was discovered in kmem_cache_alloc_bulk in mm/slub.c in the Linux kernel before 5.5.11. The slowpath lacks the required TID increment, aka CID-fd4d9c7d0c71.
CVE-2020-29371
PUBLISHED: 2020-11-28
An issue was discovered in romfs_dev_read in fs/romfs/storage.c in the Linux kernel before 5.8.4. Uninitialized memory leaks to userspace, aka CID-bcf85fcedfdd.