Dynamic DAST/WAF Integration: Realtime Virtual Patching
At the recent OWASP AppSecDC conference, I presented on this topic. I received a lot of feedback ...
It was only a matter of time before we felt Flame's aftershock. Yesterday morning it finally ...
Probably in the same period I started at Trustwave SpiderLabs I decided to start my training for an ...
Like many other security research firms, SpiderLabs Research has been actively investigating the ...
The View From The Top Isn't Much Better
In our previous blog post "Inside the Attacker's Toolbox: Botnet Web Attack Scripts" we analyzed ...
When penetration-testing you get to see lots of seemingly unbelievable security failures, but ...
There's a lot of buzz going around in the security field about a big piece of malware, code named ...
Even though it's sometimes easy to forget that there are exploit kits other than BlackHole, other ...
Having investigated cardholder data security breaches for a few years now, I have noticed changes ...
Hello. I'm Tom Neaves. I recently joined SpiderLabs as a Senior Security Consultant based out of ...
We are evolving how the penetration testing industry reports vulnerabilities. Traditional PDF ...
This is the second blog in this series of blogs. The previous blog provided a general overview of ...
Have you ever wondered what script/code/tool was behind the automated web attacks that you see in ...
Until tonight, I'd never gotten a chance to try an xml external entity (XXE) attack. Earlier, I was ...
This is the fourth part in a series of blogs. The prior blogs describe the technical details of the ...
In the next series of blogs we will describe in detail an attack from one of the most sophisticated ...
BananaStand learned from last time (to see last time, go here). Systems were patched, ACL's were ...
About two weeks ago, a Brazilian security researcher by the name of Gabriel Menezes Nunes released ...
This may sound a bit odd but "nosteve" who usually gives his take on the patch Tuesday release is ...
This year's instantiation of the THOTCON hacking conference issued a unique challenge:
The SpiderLabs team at Trustwave published a new advisory yesterday, which details multiple ...
Late last week, a vulnerability in PHP-CGI was disclosed, which allows all sorts of bad for folks ...
UPDATE - we have received more exploit attempt details from web hosting provider DreamHost. Thanks ...
During our research we have recently encountered a new private exploit kit. The developers behind ...