ModSecurity Happy Hour at Blackhat USA 2011
I am excited to announce that SpiderLabs will be hosting a ModSecurity Happy Hour during the ...
Read MoreAnnouncing Release of OWASP ModSecurity Core Rule Set v2.2.0
The ModSecurity Development Team is pleased to announce the release of the OWASP ModSecurity Core ...
Read MoreLatest Web Hacking Incident Database (WHID) Entries
These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...
Read MoreUnicode Visual Spoofing for Good: Confusable CAPTCHAs
In this blog post, I will show a proof of concept method of leveraging Unicode Visual ...
Read MoreLatest Web Hacking Incident Database (WHID) Entries (1)
These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...
Read MoreModSecurity Advanced Topic of the Week: Passive Vulnerability Scanning Part 2 - Watcher Checks
In a previous blog post entitled "ModSecurity Advanced Topic of the Week: Passive Vulnerability ...
Read MoreLatest Web Hacking Incident Database (WHID) Entries(2)
These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...
Read MoreReaching Trustwave's WebDefend Minus World
So my inbox lit up today with a Full Disclosure note about a vulnerability in Trustwave's ...
Read MoreDetecting Malice with ModSecurity: Request Method Anomalies
This week's installment of Detecting Malice with ModSecurity will discuss how to detect HTTP ...
Read MoreLatest Web Hacking Incident Database (WHID) Entries (3)
These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...
Read MoreModSecurity Advanced Topic of the Week: Integrating IDS Signatures
Snort Web Attack Rules You may be familiar with the Emerging Threats project. They have a few Snort ...
Read MoreModSecurity 2.6.0-rc1 is now available
The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.6.0-rc1 ...
Read MoreLatest Web Hacking Incident Database (WHID) Entries (4)
These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...
Read MoreModSecurity Advanced Topic of the Week: Integrating Content Security Policy (CSP)
Mozilla's Content Security Policy (CSP) Mozilla has developed a fantastic security capability into ...
Read MoreLatest Web Hacking Incident Database (WHID) Entries(6)
These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...
Read MoreLatest Web Hacking Incident Database (WHID) Entries(7)
These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...
Read MoreDetecting Malice with ModSecurity: Open Proxy Abuse
This week's installment of Detecting Malice with ModSecurity will discuss how to detect potential ...
Read MoreModSecurity Advanced Topic of the Week: Malware Link Detection
Planting of Malware Planting of malware links into legitimate websites in order to conduct ...
Read MoreModSecurity Advanced Topic of the Week: Inbound/Outbound Correlation
Alert Management - Correlated Events One important alert management issue for security analysts to ...
Read MoreModSecurity Advanced Topic of the Week: Passive Vulnerability Scanning Part 1 - OSVDB Checks
One of the most under-appreciated capabilities of web application firewalls (WAFs) is traffic ...
Read MoreJava Floating Point DoS Attack Protection
As many of you may have heard, there is an interesting Java DoS scenario out -
Read MoreAdvanced Topic of the Week: Generic Attack Payload Detection
The Inevitable Bypass of Blacklist Filtering Let's face the facts, blacklist filtering as a means ...
Read MoreTrustwave's Global Security Report 2011: Web Application Risks
Yesterday, we released Trustwave's Global Security Report 2011 (short registration required). This ...
Read MoreDetecting Malice with ModSecurity: CSRF Attacks
This week's installment of Detecting Malice with ModSecurity will discuss how to detect and prevent ...
Read MoreModSecurity Advanced Topic of the Week: Credit Card Tracking
The just released CRS v2.1.0 includes Credit Card Tracking rules. These will both track legitimate ...
Read MoreAnnouncing Release of OWASP ModSecurity Core Rule Set v2.1.0
I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.1.0. This is a ...
Read More