Portable Web Application Firewall Rule Format
The idea behind the project is to design a portable WAF rule format capable of "fixing" the known security issues in web applications. While the only proper solution is always to fix the root cause of a security issue, we must acknowledge that the fix can not be implemented straight away (for all sorts of reasons, some legal, some technical, some practical). It is all about minimizing the window of opportunity - we want to be able to prevent exploitation of a vulnerability practically as soon as it is discovered.
The format will be supported by mod_security, but the idea is that other vendors will support this as a standard rule language.
The WAF rule format specification is currently in rough draft.
- Adobe eSeminar on FuseGuard - October 26, 2011
- FuseGuard Released - Protects your ColdFusion Apps - November 12, 2009
- Web Application Firewall for ColdFusion Launched - March 26, 2009
- Announcing Web Application Firewall for ColdFusion - July 9, 2007
- Why is my cron.daily script not running?
- Announcing FuseGuard Version 3
- CFSummit 2017
- Java Unlimited Strength Crypto Policy for Java 9 or 1.8.0_151
- Java 9 Security Enhancements
- Upcoming CFML Conferences in April 2017
- CFSummit 2016 Slides
- Securing Legacy CFML - dev.Objective() 2016 Slides