Who's in the Driver's Seat?

Events over the last seven days have dramatically underlined the pitfalls and difficulties of ...


Latest Web Hacking Incident Database (WHID) Entries (3)

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...


ModSecurity Advanced Topic of the Week: Integrating IDS Signatures

Snort Web Attack Rules: You may be familiar with the Emerging Threats project. They have a few Snort ...


ModSecurity 2.6.0-rc1 is now available

The ModSecurity Development Team is pleased to announce the availability of ModSecurity 2.6.0-rc1 ...


Latest Web Hacking Incident Database (WHID) Entries (4)

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...


Securing the Fifth Domain

In May 2010, the final disappearance of the line between physical and virtual security became ...


ModSecurity Advanced Topic of the Week: Integrating Content Security Policy (CSP)

Mozilla's Content Security Policy (CSP): Mozilla has developed a fantastic security capability into ...


Latest Web Hacking Incident Database (WHID) Entries (5)

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...


CSS and XSS in Melodious Harmony

Web application penetration testers, have you ever run into a situation where you can inject into ...


ModSecurity Advanced Topic of the Week: Malware Link Removal

This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware Link Detection in which ...


Analysis of LizaMoon: Stored XSS via SQL Injection

Blended Attacks


Defective By Design? - Certificate Revocation Behavior In Modern Browsers

With the recent fraudulent certificate incident involving one of Comodo's RAs there is a renewed ...


Latest Web Hacking Incident Database (WHID) Entries (6)

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...


ModSecurity Update: Increasing Community Involvement

New Licensing: Trustwave is committed to the development of the ModSecurity project and in supporting ...


ModSecurity Advanced Topic of the Week: New Community Contribution - cmdLine Transformation Function

Community Contribution - cmdLine: This week's topic highlights a community contribution by long time ...


SpiderLabs Radio Updated - Hack It! Edition for February 2011

A new SpiderLabs Radio - Hack It! Edition podcast has been uploaded.


Latest Web Hacking Incident Database (WHID) Entries (7)

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...


Detecting Malice with ModSecurity: Open Proxy Abuse

This week's installment of Detecting Malice with ModSecurity will discuss how to detect potential ...


ModSecurity Advanced Topic of the Week: Malware Link Detection

Planting of Malware: Planting of malware links into legitimate websites in order to conduct ...


WASC WHID Semi-Annual Report for 2010: July - December

SpiderLabs just released our WASC Web Hacking Incident Database (WHID) Semiannual Report for 2010 ...


ModSecurity Advanced Topic of the Week: Inbound/Outbound Correlation

Alert Management - Correlated Events: One important alert management issue for security analysts to ...


TWSL2011-003: Vulnerabilities in Avocent Cyclades ACS Web Manager

The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability ...


Mobile Visibility Limitation? There's an App for that.

Last July myself and Christian Papathanasiou presented a DEF CON 18 talk entitled "This is not the ...


thicknet: Griefing Boss Hogg

Most things I do seem really awesome at the time. Like the time I was at the Italian restaurant ...


ModSecurity Advanced Topic of the Week: Passive Vulnerability Scanning Part 1 - OSVDB Checks

One of the most under-appreciated capabilities of web application firewalls (WAFs) is traffic ...


Network Encryption in Modern Relational Database Management Systems

In this post I'll continue on the topic of data encryption (see my previous post on Encrypting Data ...


ModSecurity Advanced Topic of the Week: Real-time Application Profiling

One of the key feature differentiators between ModSecurity and other commercial WAFs has long been ...


Java Floating Point DoS Attack Protection

As many of you may have heard, there is an interesting Java DoS scenario out -
