Trustwave's Global Security Report 2011: Web Application Risks

Yesterday, we released Trustwave's Global Security Report 2011 (short registration required). This ...

Trustwave's Global Security Report 2011 - Now Available

Today we released Trustwave's Global Security Report 2011 (short registration required). This marks ...

SpiderLabs at Black Hat DC 2011

Next week, there will be several members of the SpiderLabs team at Black Hat DC. We'll be ...

Detecting Malice with ModSecurity: CSRF Attacks

This week's installment of Detecting Malice with ModSecurity will discuss how to detect and prevent ...

ModSecurity Advanced Topic of the Week: Credit Card Tracking

The just released CRS v2.1.0 includes Credit Card Tracking rules. These will both track legitimate ...

Welcoming Tom Brennan to SpiderLabs

I am pleased to announce that industry veteran Tom Brennan has joined the SpiderLabs team. If you ...

Welcome to SpiderLabs Anterior!

SpiderLabs is the advanced security team at Trustwave with a focus on Application Security, ...

Announcing Release of OWASP ModSecurity Core Rule Set v2.1.0

I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.1.0. This is a ...

Anti-Security and the Christmas Day Incident

On the morning of Dec. 25, yet another anti-security eZine was published, its contents this time ...

(Updated) Advanced Topic of the Week: Handling Authorized Scanning Traffic

Updated - the latest OWASP ModSecurity CRS release has a rules file to handle Authorized ...

Updated ModSecurity Demonstrations

ModSecurity Demonstration Projects: We have a number of different ModSecurity Demonstration projects ...

thicknet: starting wars and funny hats

Man-in-the-middle attacks are old. Really, really old. Maybe even as old as ancient times, when ...

CVE-2010-4506 and CVE-2010-4507 Released

The SpiderLabs team published two new advisories today. The first, CVE-2010-4506, was discovered in ...

New Director of SpiderLabs EMEA Announced

I am very pleased to be able to announce on this blog that the SpiderLabs team has a new Director ...

Announcing Release of CRS v2.0.9

Greetings everyone,

Advanced Topic of the Week: Traditional vs. Anomaly Scoring Detection Modes

In the latest SVN trunk version of the CRS (2.0.9), we have implemented the capability for users to ...

Encrypting Data at Rest

Data should be encrypted at rest and in motion. In this post, I'll discuss encrypting data files ...

ModSecurity 2.5.13 release candidate

A release candidate of 2.5.13 ModSecurity into the svn repository (branch 2.5.x) is already ...

Detecting Malice with ModSecurity: IP Forensics

This week's installment of Detecting Malice with ModSecurity will discuss the value of obtaining ...

Detecting Malice with ModSecurity: GeoLocation Data

I would like to introduce a new blog series entitled - Detecting Malice with ModSecurity and will ...

ModSecurity Life cycle

We are proud to announce the new release 2.5.13 is under development and will be released next ...

ModSecurity User Survey Results Released

As a result of the acquisition of Breach Security (and thus ModSecurity) by Trustwave, we thought ...

Advanced Topic of the Week: Request Header Tagging

Request Header Tagging

Welcome Aboard Breno Silva

I am excited to announce that Breno Silva has joined Trustwave's SpiderLabs Research Team where he ...

Advanced Topic of the Week: Preventing Malicious PDF File Uploads

Many reports have indicated that malicious PDFs that exploit flaws in Adobe's Acrobat Reader are ...

Advanced Topic of the Week: XSS Defense via Content Injection

Introduction: In last week's post on Identifying Improper Output Handling, we showed a method to use ...

Advanced Topic of the Week: Identifying Improper Output Handling (XSS Flaws)

A Topic Presents Itself

Advanced Topic of the Week: Validating SessionIDs

This week's topic discusses how to validate application SessionIDs submitted by clients.
