Breach Security, Inc., a leader in web application firewalls, announced today that the Breach Security WebDefend(TM) web application firewall has earned certification by ICSA Labs, an independent division of Verizon. WebDefend is one of the first web application firewall products to achieve this distinction.

On the open source end of the scale we have a project named ModSecurity. According to the Mod Security website (http://www.modsecurity.org), ModSecurity is an open source intrusion detection and prevention engine for web applications. Operating as an Apache Web server module, the purpose of ModSecurity is to increase web application security, protecting web applications from known and unknown attacks.

The current version of ModSecurity is 1.7.6 with the 1.8 release slated for April 2004. You can grab the latest copy from http://www.modsecurity.org/download/index.html.  Ivan Ristic: is also involved with the Open Web Application Security Project and the Web Application Security Consortium. These are two organizations with similar goals - to increase awareness of web application security issues - but different ideas how to get there.