mod_security 1.8.7RC2 available
Second release candidate for mod_security 1.8.7 is available for download. I performed a detailed code review (of the new and affected code), fixed small bugs and tightened the code in few places. The fact there are two release candidates this time is a sign mod_security has matured. With a large number of productions deployments I am becoming very conservative with changes. At this point RC2 is pretty much the next stable release minus the documentation. As soon as the documentation is ready I will release 1.8.7.
Apache Security cover and beta chapter available!
The Apache Security cover will feature a horse, I am happy to say. I knew all along my book was going to be an animal book but the identity of the animal was not known until fairly recently. Now that the animal is known and the tagline ("The Complete Guide to Securing Your Apache Web Server") is sorted I decided to publish the cover for everyone to see. The official launch date is less than two weeks from now so I'll save my "it was a difficult job" speech for then.
A beta chapter, Installation and configuration, is also available for download. A part of me wanted to advertise my knowledge by giving away one of the more exciting chapters. But since properly installing and configuring Apache is very important, in the end I decided to give away the less exciting but probably more useful chapter.
AppSec Europe 2005 in London
The OWASP AppSec Europe 2005 conference will be held in April in London. This makes it very easy for me to attend since London is where I live. Not that I wouldn't go if it were anywhere else in Europe: application security is pretty much the only topic I am interested in these days. Looking at the AppSec 2005 agenda, this will be one of the few conferences I will attend and go to most of the talks. And it will be a pleasure to meet some of the people I have communicated in the past few years over the email.
I will be giving two talks at the conference. On day one I will talk about web intrusion detection and ModSecurity. On day two I will talk about application security on the Apache platform. I'll make more details available in the following weeks.