[Owasp-leaders] Call for Assistance: ModSecurity for Java

Ryan Barnett ryan.barnett at owasp.org
Fri Dec 7 21:25:20 UTC 2012


Greetings leaders,
As you probably know, this past summer we have successfully ported
ModSecurity code to both IIS and Nginx platforms.  With platform coverage
now at ~85% (combining Apache+IIS+Nginx according to Netcraft) this allows
more people to use the OWASP ModSecurity CRS.

The next platform we have in our sights is Java (Tomcat for instance).
Currently, organizations have to front-end their Tomcat servers with
standard Apache+ModSecurity and then either proxy or use ajp to forward
traffic to their Java/Tomcat apps.  We are looking for a way to add
ModSecurity directly into the Java platform.  One idea we want to research
is using JNI in a Tomcat filter to call up the "Standalone" ModSecurity DLLs
we developed for the IIS port.

If any Java folks are interested in helping us to develop an integration of
ModSecurity into Java, please let me know.

Thanks for your help.

--
Ryan Barnett
OWASP ModSecurity CRS Project Lead


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20121207/bce5c105/attachment.html>


More information about the OWASP-Leaders mailing list