Feeds:
Posts
Comments

ModSecurity 2.5.11

November 10, 2009 by Tedi Heriyanto

ModSecurity version 2.5.11 has been released.

Here are several changes in this release according to the CHANGES file included in the tarball.

  • Added a new multipart flag, MULTIPART_INVALID_QUOTING, which will be set true if any invalid quoting is found during multipart parsing.
  • Fixed parsing quoted strings in multipart Content-Disposition headers. Discovered by Stefan Esser.
  • Cleanup persistence database locking code.
  • Added warning during configure if libcurl is found linked against gnutls for SSL.  The openssl lib is recommended as gnutls has proven to cause issues with mutexes and may crash.
  • Cleanup some mlogc (over)logging.
  • Do not log output filter errors in the error log.
  • Moved output filter to run before other stock filters (mod_deflate, mod_cache, mod_expires, mod_filter) to avoid analyzing modified data in the response.  Patch originally submitted by Ivan Ristic.

I’ve also updated my RPM spec file (for OpenSUSE 11.x).

Posted in Web Security, openSUSE | Leave a Comment »

Snort 2.8.5

September 17, 2009 by Tedi Heriyanto

Snort version 2.8.5 has just been released on September 15, 2009.

Here are the new additions from the previous version :

  • Ability to load a new snort.conf without stopping & restarting Snort.
  • Ability to specify different Snort configurations based on VLAN tags or CIDR blocks.
  • Detection, Rate, and Event filtering. The ‘threshold’ keyword is now deprecated.

Continue Reading »

Posted in InfoSec, tools | Leave a Comment »

Learning Web Application Security with DVWA

September 10, 2009 by Tedi Heriyanto

Since the Indonesian Government and Legislative Body published Cyber Law (UU No. 11/2008) in 2008, there is a potential that one will go to jail because of testing web application belongs to other organization.

Continue Reading »

Posted in InfoSec, Web Security, tools | Leave a Comment »

Older Posts »