Dre G

I just wanted to cheer the ModSecurity team for their fix of MODSEC-57 "Disable a rule for one particular argument".

This really puts ModSecurity on the map for nearly everyone. Reduction of false positives is now concise enough to be useful. The wins for profiling and other ModSecurity 2.6.0 release features meet and exceed my stringent (but IMO, realistic) requirements.

Having long been the largest single opponent of this technology, I find it humbling to say that these developers are not only "on my good side" now, but pioneers as a viable option for optimal appsec controls in basically any and every real-world scenario.

after seeing this tool in the Web Application Defender's Handbook, I am glad I revisited it to find superior plugins for autothrottle and proxying capabilities, in addition to setting the standard for BSQLi and PT/LFI attack modules