Nice ;)

By the way, maybe you should implement a "SecEncryptionSecondaryKey" directive in order to assure smooth transition when the key is changed, otherwise, all urls and forms generated with the previous key will be invalid.

Rm4dillo

On Tue, Jul 24, 2012 at 6:20 PM, Breno Silva <breno.silva@gmail.com> wrote:
Hello all,

FYI - We posted a new blog post http://blog.spiderlabs.com/2012/07/reducing-web-apps-attack-surface.html

Thanks

Breno

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
mod-security-users mailing list
mod-security-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mod-security-users
Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs:
http://www.modsecurity.org/projects/commercial/rules/
http://www.modsecurity.org/projects/commercial/support/