OSCOM Talks Presentations Uploaded
I am almost ready to leave for OSCOM. Unfortunately, I can only be there on Friday but that will be enough to 1) give my talks and 2) see some people I only know from email. My throat is probably going to be very sore because I am giving two consecutive talks. Oh well. Anyway, I've uploaded the PPT and PDF versions of both presentations (that's Threat Modelling For Web Applications and Challenges of Web Intrusion Detection) to https://www.thinkingstone.com/talks/. Have a go and let me know what you think.
Portable web firewall rule format
For some time now I've been working on a portable web firewall rule format as part of the OASIS WAS technical committee. It's been going on for much longer than I anticipated, mainly because there is so much *other* work to do. But that's not necessarily a bad thing. That other stuff I did actually helped me design a better format. You see, my first attempts were overly ambitious and too complicated. They may have been technically more able but it is usually more important for a standard to be simple than foolproof. Just look at HTTP.
Anyway, I've decided to upload the latest version online and seek comments. There are many people/companies involved with web application firewalls so getting a format that really works for all of us is something that interests me a lot. If you are interested, first have a look at the informal definition, then the schema, and then at one complete example.