Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

4/4/2011
01:10 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

ModSecurity WAF Gets New Features

ModSecurity is a free, open-source web application firewall engine for Apache

CHICAGO (March 30, 2011) – Trustwave, a leading provider of information security and compliance solutions, today announced updates and feature enhancements to ModSecurity, the most widely deployed web application firewall.

ModSecurity is a free, open source web application firewall (WAF) engine for Apache that is continuously developed and managed by SpiderLabs, Trustwave’s advanced security team. This open source technology enforces security policies to web transactions, reducing the risk of a web-based attack. As an open source technology, users and developers alike contribute to the community to help maintain a sustainable solution that defends web applications.

To facilitate further development and technological enhancements, ModSecurity has moved to Apache Software License v2. This non-viral open source license will now make it easier to implement ModSecurity with existing Apache programs and custom solutions, as well as community users to contribute code updates. This new licensing affects ModSecurity v2.6 (available in SVN trunk repository) and all subsequent code bases.

Additional new capabilities currently available in v2.6 include:

>> Google Safe-Browsing API Integration: Protection for users and content providers from malicious links

>> Sensitive Data Tracking: Ability to identify and track US Social Security numbers

>> Data Modification: Ability to change data on-the-fly, before delivery, in order to better control outgoing content according to security policies

“As the primary custodians of ModSecurity, we are responsible for providing the best possible user experience,” said Robert J. McCullen, chairman and CEO of Trustwave. “These enhancements provide users and contributors with a more secure web application firewall to help protect their organizations from attack.”

“As an Apache module, the transition to Apache Software License v2 will help cloud security providers implement ModSecurity to protect their customers web-based assets,” said Nicholas J. Percoco, senior vice president and head of SpiderLabs. “As we continue to develop and enhance ModSecurity, we’re making source code available to encourage users and contributors to try the new version.”

Please visit the ModSecurity SVN Repository [http://mod-security.svn.sourceforge.net/viewvc/mod-security/m2/trunk/] to download the latest version of ModSecurity.

About Trustwave

Trustwave is a leading provider of on-demand and subscription-based information security and payment card industry compliance management solutions to businesses and government entities throughout the world. For organizations faced with today's challenging data security and compliance environment, Trustwave provides a unique approach with comprehensive solutions that include its flagship TrustKeeper' compliance management software and other proprietary security solutions including EV SSL certificates and secure digital certificates. Trustwave has helped thousands of organizations–ranging from Fortune 500 businesses and large financial institutions to small and medium-sized retailers-manage compliance and secure their network infrastructure, data communications and critical information assets. Trustwave is headquartered in Chicago with offices throughout North America, South America, Europe, Africa, Asia and Australia. For more information, visit https://www.trustwave.com.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-35210
PUBLISHED: 2021-06-23
Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end.
CVE-2021-27649
PUBLISHED: 2021-06-23
Use after free vulnerability in file transfer protocol component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to execute arbitrary code via unspecified vectors.
CVE-2021-29084
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in Security Advisor report management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29085
PUBLISHED: 2021-06-23
Improper neutralization of special elements in output used by a downstream component ('Injection') vulnerability in file sharing management component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to read arbitrary files via unspecified vectors.
CVE-2021-29086
PUBLISHED: 2021-06-23
Exposure of sensitive information to an unauthorized actor vulnerability in webapi component in Synology DiskStation Manager (DSM) before 6.2.3-25426-3 allows remote attackers to obtain sensitive information via unspecified vectors.