New Version of the Modesecurity Web Application Firewall

Breach Security has released the ModSecurity version 2.0 open source Web application firewall. The new version provides greater flexibility, enhanced attack detection, and support for XML and Web Services. At the same time, Breach Security is releasing the ModSecurity Console for monitoring multiple sensors and ModSecurity Core Rules that together provide baseline Web application security.

ModSecurity is a flexible Web application firewall that can be used for a wide range of functions including Web application monitoring, Web intrusion detection and prevention, as well as "just in time" patching of known vulnerabilities. It can be used embedded into the Apache Web server, or standalone, with the ability to protect multiple Web servers of any type. New capabilities include:

• Session management: track and monitor user sessions providing protection against session hijacking and support for session-based anomaly detection
  
• Events correlation: enables detection of attacks spanning multiple requests such as brute force and denial of service attacks, as well as attack reconnaissance, blocking hackers before they can launch a significant attack
  
• Enhanced analysis engine: more granular rules facilities provide focused analysis of specific HTTP components, such as only searching for a signature in response headers
  
• XML content analysis: the firewall offers support for analysing XML and can be configured to protect Web Services.

The ModSecurity Console is a network-based tool designed to collect logs and alerts from remote ModSecurity sensors in real-time, providing security analysts with a single interface for monitoring the security of their Web applications. The ModSecurity Console manages up to three sensors. It is offered free-of-charge for a limited time.

Related links: (Open in a new window.)
www.modsecurity.org
www.breach.com

Taken from Information Security Bulletin.