3.0 Reports & other updates
We're getting close to the release candidate series so its time to give the hip-shot list of new things since the last abbreviated update: 1) More updates for DirectAdmin and Cp [...]
New WAF rule class
We've added a new rules class to the WAF "untrusted code content". Untrusted code rule classes allows us to detect cases where web code may be allowed, but will still be inspected [...]
Cpanel Beta now Available
Among other developments in the 3.0 branch is our initial foray into support for cpanel. As long time users have known, ASL has supported just about every CP (Plesk, Interworx, Dir [...]
A quick 3.0 update
If you follow the forums you've probably already seen these screenshots of ASL 3.0. I figured a repost on the website wouldnt hurt for any newcomers curious about some of the thing [...]
Portal and other changes
We just finished up some (very, very) overdue updates to the support portal. The first is probably one of the more popular user requests to create support portal accounts that line [...]
Kernel vulnerabilities, Twitter updates, and FCGI
Kernel News Brad Spender of Grsecurity fame gave me the heads up earlier on a few kernel exploits that are on their way to being published in the wild. If you track this kind of th [...]
ASL 2.2.11 updates, twitter, and more
A few random project updates: nikto was updated to 2.1.3. This is a basic web application vulnerability scanner, theres another we've been meaning to package called w3af. Looks pr [...]
ASL 2.2.11-0.1, and Kernel updates
ASL 2.2.11-0.1 is now available in the [asl-2.0-testing] channel. This update includes some minor bugfixes for ASL Web, and ossec configuration generation. New features (at this ti [...]
Vulnerability Scanner improvements
One of the larger efforts for the ASL 3.0 series is to include a more robust vulnerability detection system. With ASL 2.x we focused on more implementation specific vulnerability d [...]
OSSEC and Agent mode improvements
OSSEC is under heavy development upstream, and we've been helping them out where we can. This week it was getting into the malware detection database / updating the rootkit lists, [...]