
Open Source WAF ModSecurity Adds IIS, Nginx Support

Black Hat 2012

Trustwave and Microsoft Team to Bring Open-Source Web Application Firewall ModSecurity to IIS and Nginx Web Servers


LAS VEGAS – BLACK HAT USA – ModSecurity, the highly popular open source WAF (Web Application Firewall) largely found on Apache deployments, has finally come to IIS thanks to a collaboration between Microsoft and Trustwave. In addition, Trustwave announced that Nginx would also be supported by the ModSecurity project.

ModSecurity is a standard webserver defense, leveraging pre-defined rules that prevent scores of Web-based attacks, which can be both automated and manual. Over the years, ModSecurity has been maintained by a large community of developers, rule writers, and engineers from Trustwave. Yet, for the longest time it was only available for Apache.

Granted, Apache is widely used online, and is the world’s largest webserver platform. But plenty of IIS and Nginx deployments exist online, and many have been targeted by attacks that would have been stopped by even the most basic of ModSecurity rules. Now, server admins have the option to layer their defenses even further.

Moreover, since Trustwave is part of MAPP, they are able to deploy and develop rules for IIS as needed in advance of Microsoft’s monthly patch cycle.

In October 2011, Nginx said its web server, known for its speed, powered over 20% of the top 1,000 biggest websites, including Facebook, Groupon, LivingSocial, Hulu, Dropbox and WordPress.

“Having ModSecurity available for these additional platforms will help organizations protect their Web applications from attacks,” said Nicholas J. Percoco, senior vice president and head of Trustwave SpiderLabs. “As the principal custodian of the ModSecurity open source product, we believe this new support for Microsoft IIS and Nginx will further expand the popularity of the industry’s open-source Web application firewall.”

ModSecurity is available under the Apache License v2.0. It’s free to use and is supported via several channels. Additional details are here.


Related Reading: Web Application Firewalls – Three Benefits You May Not Have Considered

Related Reading: Why Web Application Firewalls Are Not the Enemy of the SDLC
