SpiderLabs^® Blog

Events over the last seven days have dramatically underlined the pitfalls and difficulties of online security to consumers. To kick off, we had the news that both Apple's iPhone and Google's Droid were keeping rather too much data on their...

Read More 

These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-84:Hackers access personal info of Lancaster County students Entry Title: WHID 2011-84:Hackers access personal info of Lancaster County...

Read More 

Snort Web Attack Rules You may be familiar with the Emerging Threats project. They have a few Snort rules files related to known web application vulnerabilities and attacks: emerging-web_server.rules emerging-web_specific_apps.rules Identifying attacks against known vulnerabilities does have value in the...

Read More 

These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-72: WordPress Hack Could Put Premium Users at Risk WHID ID: 2011-72 Date Occurred: April 13, 2011 Attack...

Read More 

Mozilla's Content Security Policy (CSP) Mozilla has developed a fantastic security capability into the FireFox web browser called Content Security Policy (CSP) which they describe as: Content Security Policy (CSP) is an added layer of security that helps to detect...

Read More 

These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-67: Hackers attack iTunes Entry Title: WHID 2011-67: Hackers attack iTunes WHID ID: 2011-67 Date Occurred: April 4,...

Read More 

This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware Link Detection in which we will highlight a new capability within ModSecurity v2.6 that allows for removal of data within response bodies. Malware Link Identification In the...

Read More 

Blended Attacks More and more of today's web application attacks are leveraging multiple weaknesses, vulnerabilities and attack methods in order to achieve a desired exploitation outcome. It is becoming more and more difficult to neatly place an attack into one...

Read More 

These are the lastest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-61: LizaMoon Mass SQL Injection Attack Points to Rogue AV Site Entry Title: WHID 2011-61: LizaMoon Mass SQL...

Read More 

With the recent fraudulent certificate incident involving one of Comodo's RAs there is a renewed interest in the quality and reliability of the revocation infrastructure surrounding X.509 certificates ("SSL"). Adam Langley, a researcher at Google, coincidentally wrote a blog post...

Read More