Dynamic DAST/WAF Integration

Ryan Barnett | 6 Jun 2012 15:03

Dynamic DAST/WAF Integration

I released a blog post yesterday outlining the "Dynamic DAST/WAF Integration" concept that shows how to integrate ModSecurity with the Arachni scanner (http://arachni-scanner.com/) using the Lua API to achieve realtime virtual patching.

http://blog.spiderlabs.com/2012/06/dynamic-dastwaf-integration-realtime-virtual-patching.html

There are links in the blog post that point to the new files in the SF SVN trunk repo if you want give this a try.

Cheers.

Ryan Barnett
Trustwave SpiderLabs

ModSecurity Project Leader
OWASP ModSecurity CRS Project Leader

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
mod-security-users mailing list
mod-security-users <at> lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/