Breach Security Releases Latest Version of ModSecurity Open-Source Web Application Firewall

ModSecurity version 2.5 offers better performance, automated rule updates and enhancements to the rule language

CARLSBAD, Calif., March 24, 2008 — Breach Security, Inc., the leader in web application security, today announced the latest version of its open-source ModSecurity web application firewall, the most deployed web application firewall in the world with over 15,000 users. The latest release, ModSecurity v2.5, offers a significant improvement in performance using set-based parallel text matching, as well as automated rule update capabilities, and a robust scripting language interface. New features include detection of credit card numbers and the ability to set policy based on the geography of an attacker.

“This latest version of ModSecurity was built with enhanced performance and flexibility to meet the demands of protecting web applications in high-volume deployments,” said Ivan Ristic, ModSecurity author and chief evangelist for Breach Security, Inc. “ModSecurity v2.5 delivers improved performance to run efficiently in front of high-traffic websites along with greater flexibility—users can now write rules that best address the complex vulnerabilities specific to their environments.”

Using set-based parallel matching, ModSecurity now processes requests much faster while using fewer resources. With ModSecurity v2.5, users can incorporate large lists of patterns, such as spam keywords and black-listed IP addresses into ModSecurity with very little effort and without impacting performance.

In addition to performance enhancements, the new version also features an automated rule updates capability. ModSecurity deployments frequently rely on rule sets obtained from third-party developers, for example, Breach Security distributes ModSecurity Core Rules freely under GPLv2. While the installation of these rule sets is quick and easy, maintenance can be difficult and time consuming. Because changes and new discoveries are frequent in the dynamic field of web application security, the high cost of rule set maintenance is effectively reducing the usefulness of web application firewalls. To help address this problem, ModSecurity v2.5 includes a tool that can be used to periodically check a ModSecurity Rules Server to ensure that rules are up-to-date.

ModSecurity v2.5 also includes LUA, a high-speed scripting language commonly used in the gaming world. By incorporating a full-blown scripting language, ModSecurity provides more flexibility to rules writers. LUA can be used to add custom anti-evasion transformations specific to the protected application, perform complex logic between conditions and apply mathematical expressions to parameters before validating them.

New key features in ModSecurity v2.5 include:

  • Performance improvements: Transformation function caching–transformation functions are an important feature of ModSecurity as they allow rules to be resistant to evasion; however, they affect rules’ execution speed. Caching the result of transformation functions enables using them freely in rules without impacting performance, facilitating more robust and secure rules.
  • Credit card number detection: Using the industry standard LUHN formula, ModSecurity can now accurately detect credit card numbers by verifying that detected patterns are valid credit card numbers.
  • Rules based on geographical lookup of client IP addresses: A ModSecurity rule can now allow setting policy using the geography of the client accessing the website. For example, ModSecurity can block out-of-country requests, limit them to more restricted functionality or simply log the geographic information.
  • Content injection: ModSecurity can add content to HTML replies based on rules. Possible applications for HTML injections within server responses include client-side input validation, CSRF mitigation and client-side reconnaissance.

Other new features include:

  • Better exceptions management allowing separation between third-party rule sets such as Breach Security Core Rule Set and site-specific customization.
  • Support for central audit and audit resiliency by sending audit log data to multiple external monitoring systems such as a ModSecurity Management Appliance.
  • New transformation functions added to help combat common evasion tactics used by current web attackers.
  • PDF Universal XSS protection—uses a one-time cryptographic token to ensure that PDF files do not have client-side XSS associated with them on the client.

About Breach Security

Breach Security, Inc. is the leading provider of real-time, continuous web application security that protects sensitive web-based information. Breach Security’s products protect web applications from hacking attacks and data leakage, and ensure applications operate as intended. The company’s products are trusted by thousands of organizations around the world, including leaders in finance, healthcare, ecommerce, travel and government. For more information, please visit www.breach.com.

###

Breach Security and ModSecurity are trademarks of Breach Security, Inc. All other brand, product and service names are the trademarks, registered trademarks or service marks of their respective owners.