nginx

NGINX Announces Eight Solutions that Let Developers Run Safely with Scissors Technology is hard. As technologists, I think we like it that way. It’s built‑in job security, right? Well, unfortunately, the modern application world has become unproductively hard. We need to make it easier. That’s why I like describing the current developer paradox as the need to run safely with scissors. NGINX Balances Developer Choice with Infrastructure Guardrails Running with scissors is a simple metaphor for what is the admittedly difficult ask we make of software engineers. Developers need to run. Time to market and feature velocity are critical to the success of digital businesses. As a result, we don’t want to encumber developers with processes or technology choices that slow them down. Instead we empower them to pick tools and stacks that let them deliver code to customers as [ more… ]

The Essence of Sprint is Speed We’re living in interesting, albeit challenging, times. This year set a new standard for change that saw both our professional and personal lives transformed almost overnight. The global pandemic has fueled a radical departure from established initiatives, bringing the rate at which businesses are able to adapt and respond even more sharply into focus. The message is clear: Speed will be key for modern organizations that not only want to survive – but thrive – in the future. Digital Is Table Stakes – Speed Is the Differentiator At this point, it’s fair to say that every business is a digital business. Going digital is no longer an option, but a critical factor to meeting consumer expectations. But beyond simply delivering digital services and goods, companies have to ensure they give customers a great experience. Today’s consumers [ more… ]

Addressing a DoS Vulnerability (CVE-2020-15598) in ModSecurity On 14 September 2020, the OWASP ModSecurity Core Rule Set (CRS) team published details of a vulnerability in ModSecurity. The vulnerability has been assigned the identifier CVE-2020-15598, but details have not been published as of this writing. The nature of the issue is disputed by Trustwave, the maintainer of the ModSecurity project, who has proposed mitigations for the problematic behavior. The issue can affect the NGINX Plus ModSecurity module, which is based on the current ModSecurity 3.0.4 release. The NGINX team at F5 worked with the reporter and have validated and applied their recommended update to recent releases of the NGINX Plus ModSecurity module (for NGINX Plus R20, R21, and R22). For more details on the issue, please refer to the following resources: OWASP CRS team: CVE-2020-15598 – ModSecurity v3 Affected By DoS (Severity HIGH) Trustwave: ModSecurity, [ more… ]