Advanced Topic of the Week: Preventing Malicious PDF File Uploads
Many reports have indicated that malicious PDFs that exploit flaws in Adobe's Acrobat Reader are ...
Introduction In last week's post on Identifying Improper Output Handling, we showed a method to use ...
A Topic Presents Itself
This week's topic discusses how to validate application SessionIDs submitted by clients.
The Web Hacking Incident Database (WHID) is a project dedicated to maintaining a record of web ...
This week's feature is the effective use of Real-time Blacklist lookups (@rbl).
This week's feature is the effective use of Transformation functions.
I am excited to announce that the OWASP ModSecurity Core Rule Set (CRS) has completed its official ...
Greetings everyone, I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8. ...
We are starting a new blog post series here on the ModSecurity site called "Advanced Feature of the ...
Since Black Hat and DEFCON we have been busy building teams and aligning objectives over here at ...
There was a recent blog article stating that ModSecurity can be bypassed by adding invalid ...
I presented on the OWASP ModSecurity Core Rule Set (CRS) Project yesterday here at the AppSec DC ...
Just a quick note to let everyone know that a 2-day ModSecurity training class was added to the ...
ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two vulnerabilities which could be ...
In a previous post I showed how you can use both ModSecurity and Apache together to identify/modify ...
If you are unfamiliar with what the HTTPOnly cookie flag is or why your web apps should use it, ...
This year, the OWASP's Summer of Code event contains one project that's of particular interest to ...
I spent the last week importing ModSecurity's source code repository into subversion at Source ...
In a few weeks' time I will present my favourite talk, Web Intrusion Detection with ModSecurity, at ...
I will be giving the updated version of our ModProfiler presentation this Sunday (14th) at the ...
Several years ago, a few more than I'd like to admit, I realised our chances for writing completely ...
I am happy to announce that we've just launched a public issue tracking facility for ModSecurity. ...
Before I talk to the title of this post, I have to provide a little back story. I have had an ...
The ModSecurity Log Collector (mlogc) is used to send ModSecurity audit log data to a console or ...
We have just released ModSecurity 2.5.6 to address several issues with transformation caching: the ...
Although Solaris has been supported as a platform for ModSecurity since the very beginning, it has ...