Just as an FYI – last week, I gave two talks at the OWASP AppSecDC conference which highlight some cutting edge WAF/ModSecurity research I am doing using the Lua API. Here are links to the PPTs -
* Web Application Defense with Bayesian Attack Analysis - http://speakerdeck.com/u/rcbarnett/p/web-application-defense-with-bayesian-attack-analysis-owasp-appsecdc-2012
* Dynamic DAST/WAF Integration - http://speakerdeck.com/u/rcbarnett/p/waf-integration-owasp-appsecdc-2012
Please let me know if anyone has any questions or if you are adventurous and want to try out the PoCs let me know!
Senior Security Researcher
Trustwave - SpiderLabs
ModSecurity Project Lead
This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.