06/14/2026

Coraza WAF on NGINX: The Go-Powered ModSecurity Replacement

Coraza is the memory-safe, Go-written WAF that speaks ModSecurity’s language and runs the OWASP CRS unchanged. Here is what libcoraza and the nginx-coraza module are, why we package them, and the fork-deadlock gotcha nobody warns you about.

06/02/2026

ViMbAdmin: The Postfix + Dovecot Mailbox Admin Panel (Modernised for PHP 8.5)

Your mailbox table deserves better than raw SQL at 02:00. ViMbAdmin — modernised for PHP 8.5 — manages Postfix + Dovecot virtual domains, mailboxes and aliases via web UI or JSON-RPC API, with TOTP, brute-force protection and a hardened Docker image.

05/20/2026

What Is the BREACH Attack? How It Works and How to Stop It

BREACH is a compression side-channel attack that can leak CSRF tokens and other secrets over HTTPS. Here is how the BREACH attack works, why padding is weak protection, and how to prevent it properly.

05/16/2026

How to Install ModSecurity and OWASP CRS on NGINX (Step-by-Step)

A beginner-friendly, step-by-step guide to installing ModSecurity and the OWASP Core Rule Set on NGINX for Debian and Ubuntu — from zero to a live WAF without taking your site down.

05/12/2026

NGINX ModSecurity Setup on Debian and Ubuntu: WAF with OWASP Core Rule Set

ModSecurity v3 with the OWASP CRS blocks SQL injection, XSS, shell injection, and scanner traffic at the HTTP layer. This guide covers installation, CRS paranoia levels, WordPress tuning, false positive handling, and performance impact.
