jwall.org
This site is mainly dedicated to some of the helper-tools I developed during my diploma thesis at the University of Dortmund. The thesis was about anomaly detection in web-applications, which since then became my active area of research for my Ph.D.
Recent Blog Entries
Positive Security Models and ModSecurity | Wed Dec 10 21:04:19 CET 2008 |
The ModSecurity Apache tools is a powerful and effective weapon against a variety of threats to web-applications - if setup properly and fitted with the right rulesets. Unfortunately does the creation of rulesets require a lot of low-level expert knowledge, which makes rules often appear complicated and error-prone.
In this blog-post I want to introduce the concept of abstract web-application profiles and provide an easy tutorial on how rulesets can be enhanced using white-listing approaches and the WebProfileEditor, developed at jwall.org. More... | |
Speaking at OWASP Conference in Frankfurt | Fri Nov 28 09:31:45 CET 2008 |
Thanks to Thomas, Boris and Georg for re-launching the OWASP chapter Germany! The first
German conference on Web-Application Security raised big interest, taking into account the little preparation time.
Having been a passive observer of OWASP and its activities in the last years I have been given the opportunity to actively take part at the OWASP conference in Frankfurt.
More... | |
BugFixes in web-audit Library and AuditViewer | Wed Nov 19 17:51:22 CET 2008 |
A few bugs have been reported in the AuditViewer all of which were related to errors in the web-audit library. These have been fixed in the current release 0.2.15 of the library.
The lastest binary release (0.3.3c) of the AuditViewer now does include the 0.2.15 version of the audit library and the bugfixes.
More... | |