In an interview with InternetNews Barnett explained that a decade ago when ModSecurity was first being built, Apache was the most popular web server and that’s why it was chosen as the initial platform. Fast forward to today, and Apache is still the most popular web server in the world, but it is now facing increasing competition from both Microsoft IIS and nginx. He noted that Apache roughly holds 60 percent of the web server market now, meaning that ModSecurity was leaving 40 percent un-served.
The effort to bring ModSecurity over to Microsoft IIS in particular was not one that Trustwave and the open source community embarked on alone. Barnett said that they first had to get the support of the Microsoft Security Response Center (MSRC). Trustwave had already been a partner of the MSRC by way of the MAPP (Microsoft Active Protections Program), which provides partners with advance data on Patch Tuesday vulnerabilities in an effort to enable faster patching. Read the full story at eSecurityPlanet:
Black Hat: Open Source Web Application Firewall Comes to Microsoft IIS