03-10-2010 15:51
Bejtlich OWASP Podcast Posted
My appearance on OWASP Podcast 61 is available.
The .mp3 is 36 MB. Thanks to Jim Manico for inviting me to participate.
We recorded the podcast in late January. Jim asked me the following questions:
Would you care to tell us how did you get into IT and what lead you into a career in information security? What keeps you busy these days?
What's the difference between focusing on threats vs focusing on vulnerabilities?
What is your problem with the "protect the data" mindset?
What do you mean by "building visibility in"?
What is your take on the Aurora/Google hack?
You just tweeted that "Network Security Monitoring ideology is the proper mechanism to combat APT/APA". Do you think network IPS/IDS/WAF can help defend insecure web applications? What are the limits of Network Security Monitoring?
How important a role do you think secure coding and secure software development life-cycle play in defending the enterprise?
Have HIPAA, PCI, SOX and other regulations helped reduce risk in the average enterprise?
Is seems pretty clear that attackers have a clear advantage. Why is that? How can we turn the tide?
Any thoughts on OWASP? Are we helping the cause?
Where are we going to be as an industry in 10 years?
You blogged that "The trustworthiness of a digital asset is limited by the owner's capability to detect incidents compromising the integrity of that asset." Given that we don't have any high integrity database, identities or application servers - how do you detect a breach of integrity when there is no verifiable integrity in the system in the first place?
Copyright 2003-2009 Richard Bejtlich and TaoSecurity (taosecurity.blogspot.com and www.taosecurity.com)
OWASP ::
Feed!
Povezani zapisi:
08-27-2010 20:38
*As your project reaches a point that you'd like OWASP to assist in its promotion, the [[Global Projects Committee|OWASP Global Projects Committee]] will need the following to help spread the word about your project: ...
Feed!
08-27-2010 20:38
*As your project reaches a point that you'd like OWASP to assist in its promotion, the [[Global Projects Committee|OWASP Global Projects Committee]] will need the following to help spread the word about your project: ...
Feed!
08-27-2010 21:50
Greetings everyone,
I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8.
You can also use the util/rules-updater.pl script to auto-download thelatest ZIP archive (see the rules-updater-example.conf file for Repo data).
TESTING -
We have integrated the new CRS into the Demo page to help facilitate
community testing -
http://www.modsecurity.org/demo/
CHANGES -
--------------------------
Version 2.0.8 - 08/27/2010
--------------------------
Improvements:
- Updated the PHPIDS filters
- Updated the SQL Injection filters to detect boolean attacks (1<2, foo ==
bar, etc..)
- Updated the SQL Injection filters to account for different quotes
- Added UTF-8 encoding validation support to the
modsecurity_crs_10_config.conf file
- Added Rule ID 950109 to detect multiple URL encodings
- Added two experimental rules to detect anomalous use of special characters
Bug Fixes:
- Fixed Encoding Detection RegEx (950107 and 950108)
- Fixed rules-updater.pl script to better handle whitespace
https://www.modsecurity.org/tracker/browse/MODSEC-167
- Fixed missing pass action bug in
modsecurity_crs_21_protocol_anomalies.conf
https://www.modsecurity.org/tracker/browse/CORERULES-55
- Fixed the anomaly scoring in the modsecurity_crs_41_phpids_filters.conf
file
https://www.modsecurity.org/tracker/browse/CORERULES-54
- Updated XSS rule id 958001 to improve the .cookie regex to reduce false
postives
https://www.modsecurity.org/tracker/browse/CORERULES-29
Feed!
08-27-2010 21:50
Greetings everyone,
I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8.
You can also use the util/rules-updater.pl script to auto-download thelatest ZIP archive (see the rules-updater-example.conf file for Repo data).
TESTING -
We have integrated the new CRS into the Demo page to help facilitate
community testing -
http://www.modsecurity.org/demo/
CHANGES -
--------------------------
Version 2.0.8 - 08/27/2010
--------------------------
Improvements:
- Updated the PHPIDS filters
- Updated the SQL Injection filters to detect boolean attacks (1<2, foo ==
bar, etc..)
- Updated the SQL Injection filters to account for different quotes
- Added UTF-8 encoding validation support to the
modsecurity_crs_10_config.conf file
- Added Rule ID 950109 to detect multiple URL encodings
- Added two experimental rules to detect anomalous use of special characters
Bug Fixes:
- Fixed Encoding Detection RegEx (950107 and 950108)
- Fixed rules-updater.pl script to better handle whitespace
https://www.modsecurity.org/tracker/browse/MODSEC-167
- Fixed missing pass action bug in
modsecurity_crs_21_protocol_anomalies.conf
https://www.modsecurity.org/tracker/browse/CORERULES-55
- Fixed the anomaly scoring in the modsecurity_crs_41_phpids_filters.conf
file
https://www.modsecurity.org/tracker/browse/CORERULES-54
- Updated XSS rule id 958001 to improve the .cookie regex to reduce false
postives
https://www.modsecurity.org/tracker/browse/CORERULES-29
Feed!
| |
|
|
|
