Showing 329 results for: ModSecurity ×

ModSecurity version 3.0.0 first release candidate

Recently we announced the first release candidate for libModSecurity (also as known as ModSecurity version 3). The goal was to turn ModSecurity into a mature library that could be used seamlessly regardless of web server or platform. The motivations for...

Announcing ModSecurity version 2.9.2

We recently released ModSecurity version 2.9.2. The release contains a number of bug fixes, including two security issues: Allan Boll reported an uninitialized variable that may lead to a crash on Windows platform. Brian Adeloye reported an infinite loop on...

ModSecurity version 3: Fuzzing as part of the QA

The stability of any given project is often tracked by its maturity, which is generally measured by how old the code is. Even though this may be true a lot of the time, here at Trustwave SpiderLabs we wanted to...

Is ModSecurity's SecRules Turing Complete?

Have you ever seen a rule for ModSecurity? They may look similar to the following: SecRule REQUEST_URI "@endswith example.com/index.html" "id:1,log,deny,redirect:http://modsecurity.org" This rule may look complicated, but it is extremely basic. It says, if you find a URL ending with example.com/index.html...

OWASP Core Rule Set 3.0.0 (Final) release

The OWASP Core Rule Set (CRS) team is excited to announce the immediate availability of the OWASP Core Rule Set Version 3.0.0 stable release. This release represents over two and a half years of effort with nearly 1000 commits and...

OWASP ModSecurity CRS Version 3.0 RC2 Released

The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web Application Security Project (OWASP) and is frequently paired with the Open Source ModSecurity project. As part of Trustwave's commitment to ModSecurity, the Spiderlabs Web...

OWASP ModSecurity CRS Version 3.0 RC1 Released

Trustwave has been dedicated to supporting ModSecurity and the associated community for the better part of a decade. Over this time, ModSecurity and the associated OWASP Core Rule Set (CRS) have seen major advances and are currently positioned as leading...

Sending ModSecurity Logs to MySQL

Previous Work As part of our positions at SpiderLabs Research we each get time to undertake various research tasks. Typically on the Web Server Security team we spend this time improving ModSecurity and Trustwave WAF, analyzing the latest web threats,...

An Overview of the Upcoming libModSecurity

libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax and feature set of ModSecurity while delivering improved performance, stability, and a new experience in easy integration on different. libModSecurity - Motivations While ModSecurity version 2.9.0 is available...

Protecting Your Sites from Apache.Commons Vulnerabilities

A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending specially crafted payload to any endpoint expecting a serialized...

Joomla 0-Day Exploited In the Wild (CVE-2015-8562)

A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot of attention from the Joomla community, as well as attackers. Using knowledge gained from our recent research on Joomla (CVE-2015-7857, SpiderLabs Blog Post) and information...

Zero-day in Magmi database client for popular e-commerce platform Magento targeted in the wild

Magento is the most popular e-commerce platform owned by eBay since 2011. We illustrate how a severe security flaw can be introduced into a Magneto based e-commerce system, when installing a commonly used vulnerable version of the open-source Magmi utility and failing to change the default security configuration. The appearance of HTTP requests attempting to exploit this vulnerability in the wild indicates that some bad actors are onto this method as well. Once successful, the attacker gains the Magento site credentials and the encryption key for the Magento database.