
Detecting Successful XSS Testing with JS Overrides

Do you know when an attacker or security researcher successfully finds a Cross-site Scripting (XSS) vulnerability in your web application? This blog post will demonstrate a proof of concept that uses ModSecurity to add defensive Javascript to response pages that...
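The idea the post describes, as an added illustration that is not the post's own code: wrap the browser functions a tester's proof-of-concept payload almost always calls (alert, confirm, prompt) so that a payload which actually executes reports itself before the original function runs. The reporting endpoint (`/xss-canary`) and the fake `window` object used so the example runs offline are assumptions for this example.

```javascript
'use strict';

// Functions an XSS tester's proof-of-concept usually calls to prove execution.
const CANARY_FUNCS = ['alert', 'confirm', 'prompt'];

// Install reporting wrappers on `root` (window in a browser; a plain object in
// the offline demo below). Each wrapper reports, then calls the original so
// the application keeps behaving normally for legitimate users.
function installXssCanary(root, report) {
  const originals = {};
  for (const name of CANARY_FUNCS) {
    const original = typeof root[name] === 'function' ? root[name] : null;
    originals[name] = original;
    root[name] = function (...args) {
      // Report first: a payload that throws afterwards still gets logged.
      report({
        func: name,
        arg: String(args[0] === undefined ? '' : args[0]),
        page: root.location && root.location.href ? root.location.href : '',
        stack: new Error().stack || '',
      });
      return original ? original.apply(root, args) : undefined;
    };
  }
  return originals; // kept so the wrappers can be removed again if needed
}

// Build a reporter that appends events to `sink`. In a browser the body of
// this function would instead be something like
// navigator.sendBeacon('/xss-canary', JSON.stringify(event))  (assumed path).
function makeReporter(sink) {
  return function report(event) {
    sink.push(event);
  };
}

// Offline demo with a constructed fake window: simulates a reflected payload
// such as <script>alert(document.domain)</script> firing in the page.
function demo() {
  const reports = [];
  const fakeWindow = {
    location: { href: 'https://example.test/search?q=%3Cscript%3Ealert(1)%3C/script%3E' },
    alert: () => 'real-alert-ran',
    // no confirm/prompt defined: wrappers must still report and not throw
  };
  installXssCanary(fakeWindow, makeReporter(reports));
  const alertReturn = fakeWindow.alert('example.test');
  const promptReturn = fakeWindow.prompt('xss');
  return { reports, alertReturn, promptReturn };
}
```

The wrapper must be installed before any attacker-controlled markup is parsed, which is why the post injects it at the top of the response body; a payload that runs earlier in the document would bypass it.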

Announcing the availability of ModSecurity extension for Nginx

ModSecurity for Nginx ModSecurity for Nginx is a web server plug-in for the Nginx web server platform. This module was created through a collaboration between Trustwave SpiderLabs Research, Microsoft Security Research Center (MSRC), Yandex and community members. With the addition...

Web Application Defense: Bayesian Attack Analysis

Regular Expressions for Input Validation If your web application's defensive strategy against injection attacks relies solely on blacklist regular expressions for input validation, it is only a matter of time before an attacker finds an evasion. Want...

WAF Normalization and I18N

Submitted By Breno Silva Pinto and Ryan Barnett WAF Normalization and I18N Web application firewalls must be able to handle Internationalization (I18N) and thus properly handle various data encodings, including Unicode and UTF-8, in order to prevent not only evasion...
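The two points made above (a blacklist regex alone is eventually evaded; a WAF must normalize encodings before matching) in one added example that is not code from either post. It pairs a naive blacklist rule for `UNION SELECT` with constructed payloads that slip past it, then shows the normalization steps (repeated percent-decoding, IIS-style `%uXXXX` decoding, Unicode NFKC folding of fullwidth letters, SQL inline-comment stripping) that bring the same payloads back into the regex's reach. The last payload is deliberately left uncaught to show that normalization widens a blacklist's reach but cannot fix its coverage.

```javascript
'use strict';

// Naive blacklist rule: case-insensitive, but blind to encoding and comments.
const NAIVE_BLACKLIST = /union\s+select/i;

function naiveBlock(input) {
  return NAIVE_BLACKLIST.test(input);
}

// One decoding pass: IIS-style %uXXXX first, then standard %XX. Malformed
// sequences are left untouched rather than rejecting the request here.
function decodeOnce(s) {
  const uDecoded = s.replace(/%u([0-9a-fA-F]{4})/g,
    (_, hex) => String.fromCharCode(parseInt(hex, 16)));
  try {
    return decodeURIComponent(uDecoded);
  } catch (e) {
    return uDecoded;
  }
}

// Decode until the string stops changing, which defeats double encoding.
function fullyDecode(s) {
  let prev;
  let cur = s.replace(/\+/g, ' '); // '+' is a space in query strings
  do {
    prev = cur;
    cur = decodeOnce(prev);
  } while (cur !== prev);
  return cur;
}

// Normalization a WAF applies before any signature is matched.
function normalizeInput(raw) {
  let s = fullyDecode(raw);
  s = s.normalize('NFKC');                 // fullwidth ＵＮＩＯＮ -> UNION
  s = s.replace(/\/\*[\s\S]*?\*\//g, ' '); // /**/ used as a token separator
  s = s.replace(/\s+/g, ' ');              // collapse tabs/newlines/multiple spaces
  return s;
}

function normalizedBlock(input) {
  return NAIVE_BLACKLIST.test(normalizeInput(input));
}

// Constructed payloads for the demonstration (not captured traffic).
const PAYLOADS = [
  { name: 'plain',          s: '1 UNION SELECT user,pass FROM users' },
  { name: 'inline-comment', s: '1 UNION/**/SELECT user,pass FROM users' },
  { name: 'double-encoded', s: '1%2520UNION%2520SELECT%2520user' },
  { name: 'fullwidth',      s: '1 ＵＮＩＯＮ ＳＥＬＥＣＴ user' },
  { name: 'iis-u-encoding', s: '1 %u0055NION%u0020SELECT user' },
  { name: 'union-all',      s: '1 UNION ALL SELECT user' }, // still evades
];

// Run every payload through both checks and report the verdicts.
function evaluate(payloads = PAYLOADS) {
  return payloads.map(p => ({
    name: p.name,
    naive: naiveBlock(p.s),
    normalized: normalizedBlock(p.s),
  }));
}
```

Running `evaluate()` shows the naive rule catching only the plain payload, the normalized rule catching four of the five encoded variants, and `UNION ALL SELECT` passing both: the normalization layer is necessary, but the blacklist's own coverage is the remaining weakness the Bayesian post is about.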

Announcing the availability of ModSecurity extension for IIS

This blog post has also been posted on the Microsoft Security Research and Defense site: By: Greg Wroblewski, Microsoft Security Engineering Center Ryan Barnett, Trustwave SpiderLabs Vulnerabilities in on-line services, like cross-site scripting, cross-site request forgery, or even information disclosure,...

Reducing web application attack surface

For as long as companies rely on web sites to do business with their customers and partners, attackers will keep targeting these web applications searching for new (and old) vulnerabilities and trying to exploit them. Reducing the attack surface has...

Beyond Apache: ModSecurity for IIS/Nginx is Coming

The Trustwave SpiderLabs Research Team is proud to announce that, through a collaboration with the Microsoft Security Response Center (MSRC) Team and community member Alan Silva (@AlanJumpi), we will be releasing ModSecurity versions for both the Microsoft Internet Information Services...

ModSecurity and OWASP CRS Updates Available

Security Fix Release: ModSecurity v2.6.6 The ModSecurity Development Team has released version 2.6.6 in response to a multipart bypass vulnerability that was disclosed to us. Users are strongly encouraged to update. Please see the release notes included in the CHANGES file....

HULK vs. THOR - Application DoS Smackdown

SpiderLabs Research Team Contributions from: @jgrunzweig @ethackal @claudijd There was a new web server DoS tool released yesterday called HULK (Http Unbearable Load King). Here is a snippet from the blog page: In my line of work, I get to...

PHP-CGI Exploitation by Example

Late last week, a vulnerability in PHP-CGI was disclosed, which allows all sorts of bad for folks running PHP-CGI. It was met with lots of controversy and questions about how it was leaked before a patch was available. What we'll...

Recent Mass SQL Injection Payload Analysis

There have been a number of mass SQL Injection campaigns targeting ASP/ASP.Net/MS-SQL sites over the past few months. While there have been a number of stories, sites and blogs that analyze the injected JS script tags in the infected...

Virtual Patch for Movable Type XSS (CVE-2012-1262)

My SpiderLabs Research colleague Jonathan Claudius recently identified an XSS flaw in the Movable Type application, which was outlined in Trustwave Security Advisory TWSL2012-003. Here is a quick overview of the issue: After extracting the Movable Type CGI files and...

HOIC DDoS Analysis and Detection

In a previous blog post, we provided details of a DDoS attack tool called LOIC (Low Orbit Ion Cannon) used by Anonymous in support of denial of service attacks over the past year. Attackers are constantly changing their tactics and...