It has been a couple of weeks since we released those, but now that hardcore ModSecurity users have hopefully found all the bugs, I would like to announce that the ModSecurity project has three new products for free: - ModSecurity 2.0, an open source web application firewall, is finally officially out. The new release is a major rewrite and includes XML support, event correlation, transaction scoring, anomaly detection, data persistence, wealth of anti-evasion functions, regex back-references, support for sessions, and many more. - ModSecurity Core Rule Set is a 1st shot at giving a base protection out of the box to ModSecurity users. ModSecurity is an application security engine, but it requires rules to actually provide protection. The core rule set enables immediately deployment of ModSecurity and is available under GPL license and supports ModSecurity 2.0. - ModSecurity console is a web based event aggregator for ModSecurity that enables you to collect events from multiple ModSecurity installation, view the events and generate reports based on them. It is available for free for up to 3 sensors. All products are available on the ModSecurity web site at www.modsecurity.org. Support for all these products on a best effort base from the Community and from Breach Security through the ModSecurity mailing list. ~ Ofer Shezaf Ofer Shezaf CTO, Breach Security http://www.modsecurity.org http://www.breach.com ofers@xxxxxxxxxx
