Latest Web Hacking Incident Database (WHID) Entries (7)

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) ...

Detecting Malice with ModSecurity: Open Proxy Abuse

This week's installment of Detecting Malice with ModSecurity will discuss how to detect potential ...

ModSecurity Advanced Topic of the Week: Malware Link Detection

Planting of Malware Planting of malware links into legitimate websites in order to conduct ...

WASC WHID Semi-Annual Report for 2010: July - December

SpiderLabs just released our WASC Web Hacking Incident Database (WHID) Semiannual Report for 2010 ...

ModSecurity Advanced Topic of the Week: Inbound/Outbound Correlation

Alert Management - Correlated Events One important alert management issue for security analysts to ...

TWSL2011-003: Vulnerabilities in Avocent Cyclades ACS Web Manager

The SpiderLabs team at Trustwave published a new advisory today, which details a vulnerability ...

Mobile Visability Limitation? There's an App for that.

Last July myself and Christian Papathanasiou presented a DEF CON 18 talk entitled "This is not the ...

thicknet: Griefing Boss Hogg

Most things I do seem really awesome at the time. Like the time I was at the Italian restaurant ...

ModSecurity Advanced Topic of the Week: Passive Vulnerability Scanning Part 1 - OSVDB Checks

One of the most under-appreciated capabilities of web application firewalls (WAFs) is traffic ...

Network Encryption in Modern Relational Database Management Systems

In this post I'll continue on the topic of data encryption (see my previous post on Encrypting Data ...

ModSecurity Advanced Topic of the Week: Real-time Application Profiling

One of the key feature differentiators between ModSecurity and other commercial WAFs has long been ...

Java Floating Point DoS Attack Protection

As many of you may have heard, there is an interesting Java DoS scenario out -

NASDAQ News Renews Focus (sort of)

Reactive security is a common theme within many organizations and the reaction is usually not ...

TWSL2011-002: Vulnerabilities in Comcast DOCSIS 3.0 Business Gateways (SMCD3G-CCR)

The SpiderLabs team at Trustwave published a new advisory yesterday, which details three ...

LOIC DDoS Analysis and Detection

Submitted By Rodrigo Montoro

Advanced Topic of the Week: Generic Attack Payload Detection

The Inevitable Bypass of Blacklist Filtering Let's face the facts, blacklist filtering as a means ...

Trustwave's Global Security Report 2011: Web Application Risks

Yesterday, we released Trustwave's Global Security Report 2011 (short registration required). This ...

Trustwave's Global Security Report 2011 - Now Available

Today we released Trustwave's Global Security Report 2011 (short registration required). This marks ...

SpiderLabs at Black Hat DC 2011

Next week, there will be several members of the SpiderLabs team at Black Hat DC. We'll be ...

Detecting Malice with ModSecurity: CSRF Attacks

This week's installment of Detecting Malice with ModSecurity will discuss how to detect and prevent ...

ModSecurity Advanced Topic of the Week: Credit Card Tracking

The just released CRS v2.1.0 includes Credit Card Tracking rules. These will both track legitimate ...

Welcoming Tom Brennan to SpiderLabs

I am pleased to announce that industry veteran Tom Brennan has joined the SpiderLabs team. If you ...

Welcome to SpiderLabs Anterior!

SpiderLabs is the advanced security team at Trustwave with a focus on Application Security, ...

Announcing Release of OWASP ModSecurity Core Rule Set v2.1.0

I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.1.0. This is a ...

Anti-Security and the Christmas Day Incident

On the morning of Dec. 25, yet another anti-security eZine was published, its contents this time ...

(Updated) Advanced Topic of the Week: Handling Authorized Scanning Traffic

Updated - the latest OWASP ModSecurity CRS release has a rules file to handle Authorized ...

Updated ModSecurity Demonstrations

ModSecurity Demonstration Projects We have a number of different ModSecurity Demonstration projects ...

thicknet: starting wars and funny hats

Man-in-the-middle attacks are old. Really, really old. Maybe even as old as ancient times, when ...
