ModSecurity is a free, open source web application firewall engine for Apache that is continuously developed and managed by SpiderLabs, Trustwave’s advanced security team. This open source technology enforces security policies to web transactions, reducing the risk of a web-based attack. As an open source technology, users and developers alike contribute to the community to help maintain a sustainable solution that defends web applications.
“The proliferation of web applications used daily by organisations has made it imperative that they properly defend themselves against web-based attacks. ModSecurity allows organisations to do just this, and is continually updated to ward off the latest threats, by both SpiderLabs and the open source community,” says Martin Tassev, MD at LOOPHOLD Security Distribution.
To facilitate further development and technological enhancements, ModSecurity has moved to Apache Software License v2. This non-viral open source license will now make it easier to implement ModSecurity with existing Apache programs and custom solutions, as well as community users to contribute code updates. This new licensing affects ModSecurity v2.6 (available in SVN trunk repository) and all subsequent code bases.
Additional new capabilities currently available in v2.6 include:
• Google Safe-Browsing API Integration
• Data Modification: Ability to change data on-the-fly