Folks,

Arshan Dabirsiaghi from Aspect deserves the real credit. He wrote this
originally as a stand alone module. We at ESAPI twisted his arm to add
it to ESAPI, and now we are splitting it out. (Sorry Arshan)

- Jim


> Some additional cool news ­ the OWASP Java WAF
> (http://code.google.com/p/owasp-java-waf/) project team (Jim Manico and Juan
> Carlos Calderon) have agreed to work on a ModSecurity porting effort.  This
> means that the OWASP Java WAF will be able to support a subset of the
> ModSecurity Rules Language, and thus, would allow Java web app users to
> directly utilizes the OWASP ModSecurity Core Rule Set (CRS).
> 
> I am excited to work with Jim and Juan Carlos on this effort!
> 
> Thanks guys,
> Ryan
> 
> From:  Tom Brennan <t...@owasp.org>
> Reply-To:  <owasp-lead...@lists.owasp.org>
> Date:  Wed, 30 Mar 2011 10:34:45 -0400
> To:  OWASP Leaders <owasp-lead...@lists.owasp.org>, <sc-l@securecoding.org>
> Cc:  Ryan Barnett <rbarn...@trustwave.com>
> Subject:  [Owasp-leaders] ModSecurity Important Update
> 
>> Guys, 
>>
>>
>> To facilitate further development and technological enhancements, ModSecurity
>> has moved to Apache Software License v2. This non-viral open source license
>> will now make it easier to implement ModSecurity with existing Apache 
>> programs
>> and custom solutions, as well as community users to contribute code updates.
>> This new licensing affects ModSecurity v2.6 (available in SVN trunk
>> repository) and all subsequent code bases.
>> Additional new capabilities currently available in v2.6 include:
>> * Google Safe-Browsing API Integration: Protection for users and content
>> providers from malicious links
>> * Sensitive Data Tracking: Ability to identify and track US Social Security
>> numbers
>> * Data Modification: Ability to change data on-the-fly, before delivery, in
>> order to better control outgoing content according to security policies
>> For more information see:
>>
>> https://www.trustwave.com/pressReleases.php?n=new-modsecurity-release-includes
>> -key-data-protection-advancements
>>
>> and
>>
>>
> http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Projec>
> t
>>
>> - Brennan
>> _______________________________________________ OWASP-Leaders mailing list
>> owasp-lead...@lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> 
> 
> 
> 
> _______________________________________________
> OWASP-Leaders mailing list
> owasp-lead...@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates
_______________________________________________

Reply via email to