Re: [mod-security-users] (no subject)
Brought to you by:
victorhora,
zimmerletw
Menu
▾
▴
Re: [mod-security-users] (no subject)
|
From: Chaim S. <CSa...@tr...> - 2015-02-01 18:06:46
|
Good afternoon Asaf, ModSecurity can be used to add protection against CSRF attacks. The basic premise is outlined here: http://blog.spiderlabs.com/2011/01/detecting-malice-with-modsecurity-csrf-attacks.html. A similar approach can be used to prevent replay attacks by adding a unique token for each request. As far as a demo this mailing list is designated for community support for ModSecurity. For anything beyond this purpose, including requests for Trustwave services we ask that you please email us directly at security[at]modsecurity.org. Thank you. Chaim Sanders Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com<http://www.trustwave.com/> From: Asaf Tvito [mailto:Asa...@mc...] Sent: Sunday, February 1, 2015 8:33 AM To: mod...@li... Subject: [mod-security-users] (no subject) Hi, We are interesting in your product ModSecurity and would like to test it In order to integrate it into our system. We have some questions: 1. Does your product support protection against Replay messages (meaning resubmitting the same message again). 2. Does your product support protection against CSRF attack. 3. I would like to schedule a demo with your tactical team if this possible. You can reach me over the phone: Located at Israel: 972 - 0523803798 Thanks, Asaf ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |
