A new book on ModSecurity is on it's way, expected this Nov. The nice folks at Pakt Publishing contacted me and I'll receive a copy as soon as it's launched. Of course I will review it on this blog but until then, a short look under the bonnet :

Title :  ModSecurity 2.5
Author: Magnus Mischel
Publisher : Packt Publishing

Having worked mostly with commercial Web Application Firewalls such as Imperva and F5, I'm eager to see how ModSecurity lives up it's reputation and how one can save lots of time and money by implementing a robust open source WAF adapted to today's threats.

From publisher's presentation:

A complete guide to using ModSecurity, this book will show you how to secure your web application and server, and does so by using real-world examples of attacks currently in use.

Sounds like fun !

It's been a long time since my last post and If I look back at it, I was writing about NetWitness.

Today, I was notified that NetWitness released NextGen version 9. Since I liked version 8 so much, let me write here the new features offered in version 9.0 :

• NetWitness Identity – provides the ability to easily correlate IP addresses in network sessions to end-user directory credentials – fusing an organization’s Active Directory to offer a real-time 4-1-1 lookup capability. As a result, security staff can link compromised machines and inappropriate network behavior to a user’s actual identity.
• Support for 802.11 Wireless Capture – initially supported under the portable NextGen Eagle platform, this capability will be available on all NextGen 9.0 capture platforms. This new capability supports WEP in-line decryption and will support WPA decryption under an upcoming service pack.
• 10Gbps Network Support – building off of real-world experiences with massive government, commercial and service provider networks, unlike other products in this space, NextGen 9.0 includes support for both capture and real-time analysis on 10Gbps networks.
• Expanded authentication options – NextGen 9.0 supports Linux PAM, providing pluggable authentication modules that connect the NextGen infrastructure to customer authentication frameworks such as Kerberos for Windows and Unix environments, LDAP, Radius and many others.
• Expanded enterprise management – NextGen 9.0 introduces a new administrative dashboard that enables comprehensive insight into global health across all connected appliances. This includes real-time feedback and charting for all system metrics, and expanded interfaces for managing configuration parameters, rules, alerts, parsers, feeds, and software updates across all devices from a single location.

Let's hope that NetWitness Investigator (free download here) will be soon upgraded to version 9 as well just because it's such an awesome tool

• Just registered for the 2PM session RT @netwitness: Registration now open for live webinar w/ Eddie Schwartz (July 23) http://bit.ly/2xqW8H #
• big day next Wed. doing a live demo on @arcsight + @encase and hopefully @netwitness , all of them working together in sweet harmony #
• crawling (yawn..) trough EnCase on demand training.. . shouldn’t be prerequisites for this course ? at least what is a bit / byte .. #
• is any @webex audio link so crappy just because I’m not in US ? both builtin audio and phone links are jammed / fragmented most of the time #
• RT @GFISoftware: giving away a free GFI t-shirt to 20 lucky winners! Follow & RT this for your chance to win – http://tr.im/sqqH #
• attending Application Security tech webinar; way much better audio on gotowebinar compared to @imperva webex session earlier. #
• @WebEx I’m afraid you are not following me, so no can do DM . Please try http://www.dragoslungu.com for contact as I can help troubleshoot this in reply to WebEx #
• RT @securityshell: RT @pauldotcom Slides & Audio now available for “Using Nessus In Web App Testing” http://bit.ly/171oCu #
• @WebEx event no. 799 408 473 went terribly wrong, almost no audio at all (was a webinar with many attendees) in reply to WebEx #
• @flibeau are u happy happy happy ? congratz http://bit.ly/TBH5i #

Powered by Twitter Tools.

• Reading: “VirusTotal – Free Online Virus and Malware Scan” – good stuff – ( http://bit.ly/ZYJ1I ) #
• watching recorded 06/11/09 Narus webminar http://bit.ly/P1kBs – lots of stuff in traffic intelligence for me in the past days #
• excited about traffic analysis & intelligence data mining. So far I’m studying NetWitness and Narus. Anybody else I should look at? #
• testing Maltego .. addictive and yes, I looked up my name & blog first #
• I just entered to win an iPhone 3GS being given away by @briannorgard to enter: http://twitthis.com/briannorgard #
• @LauraChappell Thank you for all the effort to deliver this webminar ! Looking forward to begin in reply to LauraChappell #
• Just added myself to the http://wefollow.com twitter directory under: #security #infosec #blogger #
• embarking on the EnCE cert path .. lots of work ahead #
• making my way trough the @encase on demand training.. cool stuff #
• @4mede icognito on twitter ? welcome & looking forward for your tweets #

Powered by Twitter Tools.