Web Application Security Advances: Ivan Ristic Discusses ModSecurity

I am a web application security specialist and have been referred to as a web application firewall guy. In truth, I have many diverse interests (most of them related to technology) but I tend to deal with only one at a time. We live in exciting times when there is so much to do; wherever you look there is room for improvement. My background is in software development and I have spent significant time architecting software systems. However, over the last couple of years I became focused exclusively on security. Today I am probably best known for my work on ModSecurity, which is an open source web application firewall, and my book, Apache Security, which was published by O'Reilly in 2005.

As a result of the recent acquisition of ModSecurity by Breach Security, I moved to work for them as their Chief Evangelist. My job is mainly going to be to working on ModSecurity (which Breach Security are going to continue to develop as an open source product) along with extending Breach Security's web application security products and promoting web application firewalls in general. I am also involved with the Open Web Application Security Project and the Web Application Security Consortium. These are two organizations with similar goals - to increase awareness of web application security issues - but different ideas how to get there. I am very glad to be involved with both.

The link for this article located at is no longer available.