Hello! I'm Andrew, a:
among other things.
Talk to me about WAF consultancy and ModSecurity WAFs!
🖄 andrew [at] ahowe.org
GitHub | LinkedIn | Stack Overflow | Alignment | 🔑 PGP key
Interview: Meet the CRS team: Andrew, the technical writer who loves Eurovision and Doom II
Release announcement at coreruleset.org: CRS version 4.0.0 release candidate 2 available
Release announcement at coreruleset.org: CRS version 3.3.5 released
CVE blog post at coreruleset.org: CVE-2023-38199 – Multiple Content-Type Headers
Why you shouldn't lose sleep over the commercial end-of-life of ModSecurity
Three scenarios for implementing time-based security and content switching on your load balancer
Report back from the OWASP Core Rule Set Community Summit and OWASP Global AppSec Dublin 2023
Co-wrote CVE advisories and blog post over at coreruleset.org: CRS Version 3.3.3 and 3.2.2 (covering several CVEs)
Handling large requests with a WAF while avoiding denial-of-service attacks
Achieving unrivaled performance with media and video streaming on demand
Simplifying web application security with the Core Rule Set v3
The importance of outreach: Introducing students to load balancing
(With video) Extending ModSecurity: How to add completely custom WAF functionality
I discovered my first CVE-worthy vulnerability!
Announcing CVE-2021-35368: OWASP ModSecurity Core Rule Set Bypass
(With video) Layer 4 vs Layer 7 load balancing - we still love DSR, but…
Security through geography: blocking traffic by country, continent, or IP address using ModSecurity