[mod-security-users] Trustwave Acquires Cenzic to Enhance Cloud-based Security Testing Platform - Benefit to ModSecurity

[Ryan B. <RBa...@tr...>]

I wanted to send this out to the mail-list in case you were not aware -
https://www.trustwave.com/Company/Newsroom/News/Trustwave-Acquires-Cenzic-to-Enhance-Cloud-based-Security-Testing-Platform/

The reason I am sending this is that there is a direct benefit here between DAST tools (such as Cenzic) and important that intelligence into a WAF (such as ModSecurity) for virtual patching.  Here are two past blog posts I did on the DAST -> WAF topic using two open source DAST tools -

  *   Arachni -> ModSecurity - http://blog.spiderlabs.com/2011/08/modsecurity-advanced-topic-of-the-week-automated-virtual-patching-script.html
  *   OWASP ZAP -> ModSecurity - http://blog.spiderlabs.com/2012/03/modsecurity-advanced-topic-of-the-week-automated-virtual-patching-using-owasp-zed-attack-proxy.html

I wanted to let the ModSecurity user community know that Trustwave SpiderLabs now has a commercial integration offering with Cenzic HailStorm and ModSecurity WAF.  If you are using both Cenzic and ModSecurity and are interested in more information about this commercial service, please contact me directly via email.

Thanks.

Ryan Barnett
Lead Security Researcher, SpiderLabs

Trustwave | SMART SECURITY ON DEMAND
www.trustwave.com<http://www.trustwave.com/>

________________________________

This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format.