
Detecting Malice with ModSecurity: HoneyTraps

This week's installment of Detecting Malice with ModSecurity will discuss how to implement HoneyTraps in order to detect malicious activity on your website. HoneyTrap excerpt section of Robert "Rsnake" Hansen's book "Detecting Malice" - Booby Trapping Your Application I briefly...

Live ModSecurity Challenges at Blackhat Arsenal

ModSecurity is participating in the upcoming Blackhat Arsenal Tools Demo next week in Las Vegas. Details: When: Wed. Aug 3rd from 1:45 pm - 4:30 pm Where: POD 1 We will have live demos/challenges running from our kiosk. In addition...

ModSecurity SQL Injection Challenge: Lessons Learned

This is a post-mortem blog post to discuss the successful Level II evasions found by participants during the recent ModSecurity SQL Injection Challenge. First of all, I would like to thank all those people that participated in the challenge. All...

A whole lot of Spiders at DEF CON 19

Next week members of Trustwave's SpiderLabs team will be headed to Las Vegas to attend DEF CON 19. Members of the team from every corner of the planet will be in attendance. We are fortunate this year to have 15 members...

Announcing Release of OWASP ModSecurity Core Rule Set v2.2.1

I am pleased to announce the release of the OWASP CRS v2.2.1. This is a significant update with regards to SQL Injection protections. Trustwave's SpiderLabs Team conducted an analysis/review of the SQL Injection Challenge Level II evasions - http://www.modsecurity.org/demo/challenge.html and...

Announcing Release of ModSecurity v2.6.1

Availability of ModSecurity 2.6.1-RC1 Release (July 18, 2011) The ModSecurity Development Team is pleased to announce the availability of the ModSecurity 2.6.1 Release. This release includes some new features and bug fixes; please see the release notes included in the CHANGES file....

Announcing Release of ModSecurity v2.6.1-RC1

Availability of ModSecurity 2.6.1-RC1 Release (June 30, 2011) The ModSecurity Development Team is pleased to announce the availability of the ModSecurity 2.6.1-rc1 Release. This release includes some new features and bug fixes; please see the release notes included in the CHANGES file....

TWSL2011-006: IBM Web Application Firewall Bypass

The SpiderLabs team at Trustwave published a new advisory today, which details an issue identified in the IBM Web Application Firewall (WAF). The IBM Web Application Firewall capabilities, inside IBM IPS products, complement IBM Security's portfolio of web application security...

Patch the Vuln - Feathers - SQLi

Spot the Vuln -> Patch the Vuln SpotTheVuln This blog post series is designed to be a companion to the Spotthevuln.com website (thanks to Billy Rios - @XSSniper). Spotthevuln.com was designed to give developers more insight into designing code with...

My Other Ride is Your Image Upload Script

Many security issues are based upon mistaken assumptions. For instance, when testing applications, I often find that the user inputs left unsanitized are the ones that the developer does not believe can be modified, such as inputs from drop-down menus....

Announcing Release of OWASP ModSecurity Core Rule Set v2.2.0

The ModSecurity Development Team is pleased to announce the release of the OWASP ModSecurity Core Rule Set v2.2.0. There are many significant improvements as listed below from the CHANGES file. Version 2.2.0 - 05/26/2011 Improvements: - Changed...

Latest Web Hacking Incident Database (WHID) Entries

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-106: Final Fantasy maker Square Enix hacked Entry Title: WHID 2011-106: Final Fantasy maker Square Enix hacked WHID...

Unicode Visual Spoofing for Good: Confusable CAPTCHAs

In this blog post, I will show a proof of concept method of leveraging Unicode Visual Spoofing/Lookalikes for use in a CAPTCHA to help prevent automated bots from scraping pages and autosubmitting data. Unicode Visual Spoofing/Lookalikes An in-depth discussion of...

Latest Web Hacking Incident Database (WHID) Entries

These are the latest entries added by SpiderLabs to the Web Application Security Consortium (WASC) Web Hacking Incident Database (WHID) Project. WHID 2011-99: FTC settles data breach charges against Lookout Services Entry Title: WHID 2011-99: FTC settles data breach charges...