TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified ...

Advanced Topic of the Week: (Updated) Real-time Blacklist Lookups

Updated - the information in this blog has been updated to reflect the current RBL enhancement ...

Announcing Release of ModSecurity v2.6.1

Availability of ModSecurity 2.6.1-RC1 Release (July 18, 2011) The ModSecurity Development Team is ...

Spiders Are FUN!!! at DEF CON 19

DEF CON's coming up soon (3 weeks to be exact), and there's a lot of excellent talks lined up, ...

(Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks

Update - the latest version of the ModSecurity 2.6 has a new directive called SecWriteStateLimit ...

Announcing Release of ModSecurity v2.6.1-RC1

Availability of ModSecurity 2.6.1-RC1 Release (June 30, 2011) The ModSecurity Development Team is ...

Announcing the ModSecurity SQL Injection Challenge

The ModSecurity Project Team is happy to announce our first community hacking challenge!

ModSecurity Advanced Topic of the Week: Application Logout Response Actions

Application Defense Response Actions What is the best way to respond to suspicious transactions ...

TWSL2011-006: IBM Web Application Firewall Bypass

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified ...

Patch the Vuln - Feathers - SQLi(1)

Spot the Vuln -> Patch the Vuln SpotTheVuln This blog post series is designed to be a companion ...

Patch the Vuln - Feathers - SQLi

Spot the Vuln -> Patch the Vuln SpotTheVuln This blog post series is designed to be a companion ...

My Other Ride is Your Image Upload Script(1)

Many security issues are based upon mistaken assumptions. For instance, when testing applications, ...

My Other Ride is Your Image Upload Script

Many security issues are based upon mistaken assumptions. For instance, when testing applications, ...

TWSL2011-004: Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall(1)

The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability ...

ModSecurity Advanced Topic of the Week: Unicode Mapping Support

ModSecurity Happy Hour at Blackhat USA 2011

I am excited to announce that SpiderLabs will be hosting a ModSecurity Happy Hour during the ...

Announcing Release of OWASP ModSecurity Core Rule Set v2.2.0

The ModSecurity Development Team is pleased to announce the release of the OWASP ModSecurity Core ...

Analysis and Evolution of MacDefender OS X Fake AV Scareware

Over the last month, a new fake AV scareware variant has been circulating for OS X which has been ...

Announcing Release of ModSecurity v2.6.0

The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.6.0 ...

National Cyber Safety Awareness Day is May 17th

We're taking a short break from our normal technical posts to write about "National Cyber Safety ...

Analyzing Malware Hollow Processes

The Malware Analyst's Cookbook is a great book. In it the authors talked about an interesting ...

Latest Web Hacking Incident Database (WHID) Entries

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...

Unicode Visual Spoofing for Good: Confusable CAPTCHAs

In this blog post, I will show a proof of concept method of leveraging Unicode Visual ...

Latest Web Hacking Incident Database (WHID) Entries (1)

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...

ModSecurity Advanced Topic of the Week: Passive Vulnerability Scanning Part 2 - Watcher Checks

In a previous blog post entitled "ModSecurity Advanced Topic of the Week: Passive Vulnerability ...

Latest Web Hacking Incident Database (WHID) Entries(2)

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...

Reaching Trustwave's WebDefend Minus World

So my inbox lit up today with a Full Disclosure note about a vulnerability in Trustwave's ...

Detecting Malice with ModSecurity: Request Method Anomalies

This week's installment of Detecting Malice with ModSecurity will discuss how to detect HTTP ...
