Showing 20 results for: 2014, ModSecurity

Setting HoneyTraps with ModSecurity: Adding Fake Cookies

This blog post continues with the topic of setting "HoneyTraps" within your web applications to catch attackers. Please review the previous posts for more examples: Project Honeypot Integration, Unused Web Ports, Adding Fake robots.txt Entries, Adding Fake HTML Comments, Adding...

Reflected File Download - A New Web Attack Vector

PLEASE NOTE: As promised, I've published a full white paper that is now available for download: White paper "Reflected File Download: A New Web Attack Vector" by Oren Hafif. In October 2014 as part of my talk at the Black...

Blackhat Arsenal 2014: Live ModSecurity Demonstrations

If you are heading out to Blackhat USA 2014 in Las Vegas this week, please stop by the Arsenal Tools area on Thursday morning to see live demonstrations of ModSecurity's advanced features. Arsenal Demonstration Information Location: Mandalay Bay Convention Center,...

[Honeypot Alert] Open Flash Charts File Upload Attacks

Our web honeypots picked up some increased scanning/exploit activity for the following file upload vulnerability in Open Flash Charts - The following screenshot shows the contents of the vulnerable ofc_upload_image.php file: As you can see from this simple code, there...

ModSecurity Advanced Topic of the Week: JSON Support

Submitted by Felipe Costa and Ryan Barnett (SpiderLabs Research - ModSecurity Team). Increasing Adoption of Dynamic Web Content: Long gone are the days of static HTML web content. Dynamic web content adoption is growing and growing as everyone wants to...

Announcing ModSecurity v2.8.0

The ModSecurity Project team is pleased to announce the availability of v2.8.0. To see the full release notes or download the source packages, see the ModSecurity GitHub project release tab: https://github.com/SpiderLabs/ModSecurity/releases New Features: Version 2.8.0 comes with five important...

[Honeypot Alert] JCE Joomla Extension Attacks

Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) Extension vulnerability. Although this vulnerability is a few years old, botnet owners are heavily scanning for sites that are vulnerable and attempting to exploit...

WordPress XML-RPC PingBack Vulnerability Analysis

There were news stories this week outlining how attackers are abusing the XML-RPC "pingback" feature of WordPress blog sites to launch DDoS attacks on other sites. This blog post will provide some analysis on this attack and additional information for...

Introducing ModSecurity Status Reporting

The Trustwave SpiderLabs Research team is committed to making ModSecurity the best open source WAF possible. To this end, we have deployed Buildbot platforms and revamped regression tests for our different ports to ensure code quality and reliability. But we...