Advanced Topic of the Week: Preventing Malicious PDF File Uploads

Many reports have indicated that malicious PDFs that exploit flaws in Adobe's Acrobat Reader are ...

Advanced Topic of the Week: XSS Defense via Content Injection

Introduction: In last week's post on Identifying Improper Output Handling, we showed a method to use ...

Advanced Topic of the Week: Identifying Improper Output Handling (XSS Flaws)

A Topic Presents Itself

Advanced Topic of the Week: Validating SessionIDs

This week's topic discusses how to validate application SessionIDs submitted by clients.

WASC WHID Bi-Annual Report for 2010

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining a record of web ...

Advanced Topic of the Week: Real-time Blacklist Lookups

This week's feature is the effective use of Real-time Blacklist lookups (@rbl).

Advanced Topic of the Week: Transformation Functions

This week's feature is the effective use of Transformation functions.

OWASP ModSecurity CRS Project Promoted to Release Quality

I am excited to announce that the OWASP ModSecurity Core Rule Set (CRS) has completed its official ...

OWASP ModSecurity Core Rule Set (CRS) v2.0.8 Released

Greetings everyone, I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8. ...

Advanced Topic of the Week: Validating Byte Ranges

We are starting a new blog post series here on the ModSecurity site called "Advanced Feature of the ...

What's up @ ModSecurity?

Since Black Hat and DEFCON we have been busy building teams and aligning objectives over here at ...

ModSecurity Happy Hour @ Black Hat USA

ModSecurity Community,

Impedance Mismatch and Base64

There was a recent blog article stating that ModSecurity can be bypassed by adding invalid ...

OWASP AppSec DC Update

I presented on the OWASP ModSecurity Core Rule Set (CRS) Project yesterday here at the AppSec DC ...

ModSecurity Training at Blackhat USA 2009

Just a quick note to let everyone know that a 2-day ModSecurity training class was added to the ...

ModSecurity Vulnerabilities Fixed

ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two vulnerabilities which could be ...

Fixing Both Missing HTTPOnly and Secure Cookie Flags

In a previous post I showed how you can use both ModSecurity and Apache together to identify/modify ...

Helping Protect Cookies with HTTPOnly Flag

If you are unfamiliar with what the HTTPOnly cookie flag is or why your web apps should use it, ...

Securing WebGoat using ModSecurity

This year, the OWASP's Summer of Code event contains one project that's of particular interest to ...

ModSecurity's Source Code Repository Is Now Open

I spent the last week importing ModSecurity's source code repository into subversion at Source ...

ModSecurity at ApacheCon US 2008

In a few weeks' time I will present my favourite talk, Web Intrusion Detection with ModSecurity, at ...

ModProfiler Presentation at OWASP AppSec Israel 2008

I will be giving the updated version of our ModProfiler presentation this Sunday (14th) at the ...

ModProfiler: Leading ModSecurity Towards Positive Security

Several years ago, a few more than I'd like to admit, I realised our chances for writing completely ...

ModSecurity Issue Tracker Now Available

I am happy to announce that we've just launched a public issue tracking facility for ModSecurity. ...

Microsoft and Oracle Helping 'Time-to-Fix' Problems

Before I talk to the title of this post, I have to provide a little back story. I have had an ...

ModSecurity 2.5.6 and Mlogc

The ModSecurity Log Collector (mlogc) is used to send ModSecurity audit log data to a console or ...

Transformation Caching Unstable, Fixed, But Deprecated

We have just released ModSecurity 2.5.6 to address several issues with transformation caching: the ...

ModSecurity In Solaris

Although Solaris has been supported as a platform for ModSecurity since the very beginning, it has ...
