Folks, Arshan Dabirsiaghi from Aspect deserves the real credit. He wrote this originally as a stand alone module. We at ESAPI twisted his arm to add it to ESAPI, and now we are splitting it out. (Sorry Arshan)
- Jim > Some additional cool news the OWASP Java WAF > (http://code.google.com/p/owasp-java-waf/) project team (Jim Manico and Juan > Carlos Calderon) have agreed to work on a ModSecurity porting effort. This > means that the OWASP Java WAF will be able to support a subset of the > ModSecurity Rules Language, and thus, would allow Java web app users to > directly utilizes the OWASP ModSecurity Core Rule Set (CRS). > > I am excited to work with Jim and Juan Carlos on this effort! > > Thanks guys, > Ryan > > From: Tom Brennan <t...@owasp.org> > Reply-To: <owasp-lead...@lists.owasp.org> > Date: Wed, 30 Mar 2011 10:34:45 -0400 > To: OWASP Leaders <owasp-lead...@lists.owasp.org>, <sc-l@securecoding.org> > Cc: Ryan Barnett <rbarn...@trustwave.com> > Subject: [Owasp-leaders] ModSecurity Important Update > >> Guys, >> >> >> To facilitate further development and technological enhancements, ModSecurity >> has moved to Apache Software License v2. This non-viral open source license >> will now make it easier to implement ModSecurity with existing Apache >> programs >> and custom solutions, as well as community users to contribute code updates. >> This new licensing affects ModSecurity v2.6 (available in SVN trunk >> repository) and all subsequent code bases. >> Additional new capabilities currently available in v2.6 include: >> * Google Safe-Browsing API Integration: Protection for users and content >> providers from malicious links >> * Sensitive Data Tracking: Ability to identify and track US Social Security >> numbers >> * Data Modification: Ability to change data on-the-fly, before delivery, in >> order to better control outgoing content according to security policies >> For more information see: >> >> https://www.trustwave.com/pressReleases.php?n=new-modsecurity-release-includes >> -key-data-protection-advancements >> >> and >> >> > http://www.owasp.org/index.php/Category:OWASP_ModSecurity_Core_Rule_Set_Projec> > t >> >> - Brennan >> _______________________________________________ OWASP-Leaders mailing list >> owasp-lead...@lists.owasp.org >> https://lists.owasp.org/mailman/listinfo/owasp-leaders > > > > > > _______________________________________________ > OWASP-Leaders mailing list > owasp-lead...@lists.owasp.org > https://lists.owasp.org/mailman/listinfo/owasp-leaders _______________________________________________ Secure Coding mailing list (SC-L) SC-L@securecoding.org List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l List charter available at - http://www.securecoding.org/list/charter.php SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com) as a free, non-commercial service to the software security community. Follow KRvW Associates on Twitter at: http://twitter.com/KRvW_Associates _______________________________________________
