[WEB SECURITY] Fwd: [SC-L] OWASP Podcast #6: WAFs
gazheyes at gmail.com
Fri Feb 6 18:03:22 EST 2009
2009/2/6 Ryan Barnett <rcbarnett at gmail.com>
> I agree with this concept and actually it is something that we have been
> discussing for ModSecurity. We will most likely get something setup in the
> near future. In the meantime, the fact is that since ModSecurity is open
> source so there is nothing stopping anyone from downloading it (and the Core
> Rule Set) and conducting their own tests for evasions, etc... If you do
> find any issues, just let us know.
Cool good to know, remember to post a demo when you get one going. I'd
suggest a clear demo link on your front page along with a contact form,
email or ideally post it to slackers and accept full disclosure.
Again that's not really my job to do. Download it, setup a vulnerable
application and pen test it. However if you have a demo and I have spare
time I'm sure I'll have a look :P
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the websecurity