Breach Security Releases Latest Version of ModSecurity(TM) Open Source Web Application Firewall

Breach Security, Inc. the leader in Web application security, today announced the release of the ModSecurity version 2.0 open source Web application firewall. ModSecurity version 2.0 provides greater flexibility, enhanced attack detection, and support for XML and Web Services. At the same time, Breach Security is releasing the ModSecurity Console for monitoring multiple sensors and ModSecurity Core Rules that together provide easy-to-deploy baseline Web application security.

"ModSecurity version 2.0 is the next generation code -- it is a complete rewrite," said Ivan Ristic, chief evangelist, Breach Security, Inc. "I am pleased that the original architecture lasted for several years, but it is now time to move on. The new architecture builds on everything we have learned and paves the way for serving a broader range of organizations with advanced Web application security."

ModSecurity is a highly flexible Web application firewall that can be used for a wide range of functions including Web application monitoring, Web intrusion detection and prevention, as well as "just in time" patching of known vulnerabilities. It can be used embedded into the Apache Web server, or standalone, with the ability to protect multiple Web servers of any type. New capabilities include:

* Session Management: ModSecurity v2.0 can track and monitor user

sessions providing protection against session hijacking and support

for session-based anomaly detection.

* Events correlation: enables detection of attacks spanning multiple

requests such as brute force and denial of service attacks, as well as

attack reconnaissance. This enables ModSecurity v2.0 to block hackers

before they can launch a significant attack.

* Enhanced Analysis Engine: more granular rules facilities provide

focused analysis of specific HTTP components, such as only searching

for a signature in response headers.

* XML Content Analysis: ModSecurity now supports analyzing XML and can be

configured to protect Web Services.

In addition to releasing ModSecurity v2.0, Breach Security also introduced the ModSecurity Core Rules and the ModSecurity Console. With the Core Rules, ModSecurity v2.0 is easier to deploy and delivers immediate protection for Web applications. The Core Rules detect common Web application security issues such as SQL injection, Cross-Site Scripting (XSS) and OS Command Execution. Breach Security has certified the rules set to be effective and efficiently written.

The ModSecurity Console is a network-based tool designed to collect logs and alerts from remote ModSecurity sensors in real-time, providing security analysts with a single interface for monitoring the security of their Web applications. The ModSecurity Console manages up to three sensors. It is offered free-of-charge for a limited time.

"With the availability of ModSecurity v2.0, Breach Security can now serve a broader range of organizations with the new architecture enabling us to deliver on the promise of a Web application firewall for everyone," said Marc Shinbrood, CEO, Breach Security, Inc. "We are proud of Ivan's achievements and will continue to support the development and improvement of the open source Web application firewall."

Going forward, Breach Security will continue to leverage the ModSecurity version 2.0 code base to introduce low cost, in-line Web application firewall appliances to serve the small-to-medium business community. Early next year, the company will deliver enterprise data center appliances for large organizations managing high-volume business critical Web applications.

ModSecurity v2.0, the ModSecurity Console and the Core Rules are all available for download free-of-charge at http://www.modsecurity.org.

About Breach Security, Inc.

Breach Security, Inc. is the leading provider of next-generation Web application security that protects sensitive Web-based information. Breach effectively protects Web applications from Internet hacking attacks and provides an effective solution for emerging security challenges such as identity theft, information leakage, and insecurely coded applications. Breach Security's solutions also support regulatory compliance requirements for security. Founded in 2004, Breach Security is headquartered in Carlsbad, Calif. For more information, please visit: http://www.breach.com.

Breach Security, BreachGate WebDefend and BreachMarks are trademarks of Breach Security, Inc. All other companies' names and product names are trademarks of their respective organizations

Related Articles

• JK Design Launches Enhanced Solaris Health System Web Sites
  16 October 2006



• Performance Technologies Joins Open Source Development Labs (OSDL) Carrier Grade Linux Working Group
  16 October 2006



• The Apache Software Foundation is Latest Technology Leader to Embrace LDAP Standard and Achieve Open Group Certification
  12 October 2006



• Creative Manager Pro Version 8.37 Adds Auto-Billing, Mac OS X 10.4.8 Support, More
  11 October 2006



• Helmi Technologies Launches Open Source RIA Platform for AJAX-Based Rich Internet Applications
  11 October 2006



• Senza Limiti Acquires Ajax-based PHP Grid, Plans to Open Source It
  11 October 2006



• Baynote.org Delivers Business-Ready Open Source Search
  11 October 2006



• Cloudmark Integrates Sun Solaris 10 to Provide the Industry's Most Scalable, Reliable Messaging Security Solution
  10 October 2006



• New Release of CONNX SQL Engine, Version 10.5, Now Supports the IMS Module and Unlocks Enterprise Data on the z/Linux Platform
  10 October 2006



• Cimmetry Releases Linux Version of AutoVue
  10 October 2006



• Agilysys and Red Hat Partner To Deliver Open Source Solutions
  10 October 2006



• LynuxWorks Updates BlueCat Embedded Linux for Improved Performance and Easier Development of Open Source Applications
  10 October 2006



• Enterprise Software Funding and Investment Experts Explore Opportunities in Open Source, SAAS, and Evolving Revenue Models
  10 October 2006



• Open Source Software for the Enterprise Web Conference
  10 October 2006



• IBM Expands Open Source Contributions to Further Enable Web 2.0 Adoption
  10 October 2006