What Do Bug Bounties Cover?
Over the past few days in the UK we have been bombarded with arguments and debates over the use of ...
Read MoreModSecurity Advanced Topic of the Week: Automated Virtual Patching Script
Automated Virtual Patching Example Script
Read MoreModSecurity Advanced Topic of the Week: Audit Log Searching with ModGrep
This is an updated section from my previous book Preventing Web Attacks with Apache and discusses a ...
Read MoreAuto-BAHN: Using Smart phones to create emergency, ad hoc networks
Thomas Wilhelm, Sr. Security Consultant at Trustwave SpiderLabs, revealed a proof of concept this ...
Read MoreTWSL2011-008: Focus Stealing Vulnerability in Android
The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified ...
Read MoreRegression Workaround for TWSL2011-007: The iOS SSL Validation Vulnerability (UPDATED)
Trustwave SpiderLabs recently released an advisory (TWSL2011-007) regarding improper x509 ...
Read MoreNew Edition of SpiderLabs Radio - Interviews with SpiderLabs DEF CON Speakers
This month, Zack Fasel and Tom Mackenzie interview the SpiderLabs Team Members presenting at DEF ...
Read MoreDetecting Malice with ModSecurity: HoneyTraps
This week's installment of Detecting Malice with ModSecurity will discuss how to implement ...
Read MoreLive ModSecurity Challenges at Blackhat Arsenal
ModSecurity is participating in the upcoming Blackhat Arsenal Tools Demo next week in Las Vegas.
Read MoreModSecurity SQL Injection Challenge: Lessons Learned
This is a post-mortem blog post to discuss the successful Level II evasions found by participants ...
Read MoreA whole lot of Spiders at DEF CON 19
Next week members of Trustwave's SpiderLabs team will be headed to Las Vegas to attend DEF CON 19. ...
Read MoreTWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain
The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified ...
Read MoreAdvanced Topic of the Week: (Updated) Real-time Blacklist Lookups
Updated - the information in this blog has been updated to reflect the current RBL enhancement ...
Read MoreAnnouncing Release of ModSecurity v2.6.1
Availability of ModSecurity 2.6.1-RC1 Release (July 18, 2011) The ModSecurity Development Team is ...
Read MoreSpiders Are FUN!!! at DEF CON 19
DEF CON's coming up soon (3 weeks to be exact), and there's a lot of excellent talks lined up, ...
Read More(Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks
Update - the latest version of the ModSecurity 2.6 has a new directive called SecWriteStateLimit ...
Read MoreAnnouncing Release of ModSecurity v2.6.1-RC1
Availability of ModSecurity 2.6.1-RC1 Release (June 30, 2011) The ModSecurity Development Team is ...
Read MoreAnnouncing the ModSecurity SQL Injection Challenge
The ModSecurity Project Team is happy to announce our first community hacking challenge!
Read MoreModSecurity Advanced Topic of the Week: Application Logout Response Actions
Application Defense Response Actions What is the best way to respond to suspicious transactions ...
Read MoreTWSL2011-006: IBM Web Application Firewall Bypass
The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified ...
Read MorePatch the Vuln - Feathers - SQLi(1)
Spot the Vuln -> Patch the Vuln SpotTheVuln This blog post series is designed to be a companion ...
Read MorePatch the Vuln - Feathers - SQLi
Spot the Vuln -> Patch the Vuln SpotTheVuln This blog post series is designed to be a companion ...
Read MoreMy Other Ride is Your Image Upload Script(1)
Many security issues are based upon mistaken assumptions. For instance, when testing applications, ...
Read MoreMy Other Ride is Your Image Upload Script
Many security issues are based upon mistaken assumptions. For instance, when testing applications, ...
Read MoreTWSL2011-004: Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall(1)
The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability ...
Read MoreModSecurity Happy Hour at Blackhat USA 2011
I am excited to announce that SpiderLabs will be hosting a ModSecurity Happy Hour during the ...
Read More