Showing 31 results for: 2010

Announcing Release of OWASP ModSecurity Core Rule Set v2.1.0

I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.1.0. This is a significant update as we have added many new capabilities. CHANGE LOG - -------------------------- Version 2.1.0 - 12/29/2010 -------------------------- Improvements: - Added...

Anti-Security and the Christmas Day Incident

On the morning of Dec. 25, yet another anti-security eZine was published, its contents this time targeting some well-known security professionals and projects. The Anti-Security Movement isn't anything new, they have been around in various forms for a long time,...

Updated ModSecurity Demonstrations

ModSecurity Demonstration Projects: We have a number of different ModSecurity Demonstration projects hosted on the ModSecurity site. ModSecurity/PHPIDS Evasion Testing Demo: The ModSecurity Demo is a joint effort between the ModSecurity and PHPIDS project teams to allow users to test...

thicknet: starting wars and funny hats

Man-in-the-middle attacks are old. Really, really old. Maybe even as old as ancient times, when messengers ran between cities. Beat up a messenger, steal his funny hat, and change his scroll to say, "King Sam is really pissed at you...

New Director of SpiderLabs EMEA Announced

I am very pleased to be able to announce on this blog that the SpiderLabs team has a new Director of SpiderLabs EMEA. John Yeo is now running all-things SpiderLabs for the EMEA team. This marks a great step forward...

Welcome to SpiderLabs!

SpiderLabs is the advanced security team at Trustwave with a focus on Application Security, Incident Response, Penetration Testing, Physical Security, and Security Research. We perform hundreds of incident response investigations and thousands of penetration tests for clients in over 50...

Announcing Release of CRS v2.0.9

Greetings everyone, I am pleased to announce the release of the OWASP ModSecurity Core Rule Set (CRS) v2.0.9. The most significant change is that users can now easily toggle between Traditional or Anomaly Scoring Detection modes. CHANGE LOG - --------------------------...

Encrypting Data at Rest

Data should be encrypted at rest and in motion. In this post, I'll discuss encrypting data files rather than securing database communications.

ModSecurity 2.5.13 release candidate

A release candidate of ModSecurity 2.5.13 is already available in the svn repository (branch 2.5.x). There are some improvements, new features and bug fixes, such as: New features: * Added new setvar Lua API to be used in Lua scripts * Added...

Detecting Malice with ModSecurity: IP Forensics

This week's installment of Detecting Malice with ModSecurity will discuss the value of obtaining data about client IP Addresses. IP Forensic Section of Robert "Rsnake" Hansen's book "Detecting Malice" - Whenever someone connects to your server you get their IP...

ModSecurity Life cycle

We are proud to announce that the new release 2.5.13 is under development and will be released next month! It will be the last release of the 2.5 series and will fix some important issues reported by the community. Also we decided...

Advanced Topic of the Week: Request Header Tagging

Request Header Tagging: Wouldn't it be cool if your WAF could share its data with the application it is protecting? This concept is similar to anti-SPAM SMTP apps that will add additional MIME headers to emails providing the SPAM detection...

ModSecurity User Survey Results Released

As a result of the acquisition of Breach Security (and thus ModSecurity) by Trustwave, we thought that it was a good time to run another User Survey to get a better understanding of how the community is using ModSecurity and,...

Welcome Aboard Breno Silva

I am excited to announce that Breno Silva has joined Trustwave's SpiderLabs Research Team where he will be serving as the new ModSecurity Development Lead. Breno has recently been working on the OISF team to develop Suricata. Here is a...