Archive: 2009

Testing for SSL renegotiation
December 15, 2009
HTTP parser for intrusion detection and web application firewalls
November 30, 2009
Clientless SSL VPN products break the Web
November 30, 2009
ModSecurity Handbook available for pre-order and early access
November 26, 2009
Initial test for SSL renegotiation added to SSL Labs
November 17, 2009
Announcing ModSecurity Handbook
November 16, 2009
Not just CSRF: SSL Authentication Gap used for credentials theft
November 14, 2009
Planned usability improvements for ModSecurity 2.6
November 12, 2009
SSL and TLS Authentication Gap vulnerability discovered
November 05, 2009
Entropy on a USB stick
October 01, 2009
The key to successful WAF deployment is getting the ownership right
September 30, 2009
Analysis of Elliptic Curve support in current browsers
September 29, 2009
SSL Labs: Improved Elliptic Curve and TLS 1.2 detection
September 22, 2009
SSL Threat Model
September 09, 2009
Two bugs in mod_sslhaf fixed
September 04, 2009
SSL Labs: a batch of small improvements
September 03, 2009
Tuning ModSecurity Console on Windows
September 01, 2009
Is RC4 safe for use in SSL?
August 28, 2009
Black Hat 2009 SSL Review: Breaking the Myths of Extended Validation SSL Certificates (Alexander Sotirov and Mike Zusman)
August 07, 2009
Black Hat 2009 SSL Review: More Tricks For Defeating SSL In Practice (Moxie Marlinspike)
August 05, 2009
Black Hat 2009 SSL Review: Black Ops of PKI (Dan Kaminsky)
August 04, 2009
Improved SSLv2 detection in SSL Labs
August 03, 2009
TLS Server Name Indication now in Apache
July 29, 2009
Can you have too much SSL?
July 24, 2009
Announcing the SSL Server Rating Guide and the Public SSL Server Database
July 22, 2009
Firefox SSL extensions
July 16, 2009
Examples of the information collected from SSL handshakes
July 09, 2009
Analysis of Googlebot's frugal cipher suite list
July 02, 2009
Improved handling of SSL warnings in Firefox 3.5
July 01, 2009
HTTP client fingerprinting using SSL handshake analysis
June 17, 2009
Security researchers ask Google to enable SSL encryption by default
June 16, 2009
SSL Labs launches
June 15, 2009
The death of dual-licensing as a commercial open source strategy
May 15, 2009
How did MySQL become so successful?
May 15, 2009
Security is difficult; open source security sometimes even more so
March 30, 2009
ModSecurity training at OWASP AppSec Europe 2009
March 27, 2009
Read ChangeThis and you may not need to buy a business book ever again
March 18, 2009
Signing the ModSecurity Contribution Agreement
March 17, 2009
A taxonomy of open source business models
March 12, 2009
Dual-licensing for open source businesses
March 09, 2009
D.J. Bernstein, I salute you!
March 06, 2009
Is that open source project secure (enough)?
March 03, 2009
Application security, Italian style
March 02, 2009
Apache Security Model
February 18, 2009
The worst idea ever: Let's break SSL for mobile users
January 31, 2009
On technical writers and their wives
January 14, 2009

Founder of Hardenize, because everyone deserves good internet security. Previously, founder of SSL Labs and ModSecurity; wrote Bulletproof TLS and PKI.

Hardenize Badge

Tags

Apache Apache Security BEAST BREACH Bulletproof SSL and TLS Business CRIME Canoe Computer Misuse Act DocBook Feisty Duck Firefox Forward Secrecy Humour IronBee IronBee Blog LibHTP Lua ModSecurity ModSecurity Blog ModSecurity Handbook MySQL Nginx Open Source OpenSSL OpenSSL Cookbook PCI POODLE Qualys RC4 SSL SSL Labs SSL Pulse Secure programming Security UK Web Application Firewalls Writing XSS sslhaf

Archive