Blogs & Stories

SpiderLabs Blog

Attracting more than a half-million annual readers – is the security community’s go-to destination for technical breakdowns of the latest threats, critical vulnerability disclosures and cutting-edge research.

ModSecurity v3.0.3: What To Expect

At precisely 155 commits ahead of the latest version, ModSecurity version 3.0.3 contains a number of improvements and features to enhance the ModSecurity experience. In this blog post, we'll explain some of the new capabilities in the latest release. Better...

ModSecurity Version 3.0 Announcement

libModSecurity aka ModSecurity version 3.0 is out there. libModSecurity starts a new era in terms of ModSecurity extensibility. The modular architecture provides flexibility to extend ModSecurity core with scripting languages and from scripting languages. Facilitating work such as: UI integration,...

ModSecurity Web Application Firewall - Commercial Rules Update(4)

We have recently released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we are highlighting virtual patches...

ModSecurity Web Application Firewall - Commercial Rules Update(3)

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight the...

ModSecurity version 3.0.0 first release candidate

Recently we announced the first release candidate for libModSecurity (also as known as ModSecurity version 3). The goal was to turn ModSecurity into a mature library that could be used seamlessly regardless of web server or platform. The motivations for...

ModSecurity Web Application Firewall - Commercial Rules Update(2)

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we are highlighting virtual patches for...

Announcing ModSecurity version 2.9.2

We recently released ModSecurity version 2.9.2. The release contains a number of bug fixes, including two security issues: Allan Boll reported an uninitialized variable that may lead to a crash on Windows platform. Brian Adeloye reported an infinite loop on...

ModSecurity Web Application Firewall - Commercial Rules Update(1)

We have released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight the...

ModSecurity version 3: Fuzzing as part of the QA

The stability of any given project is often tracked by its maturity, which is generally measured by how old the code is. Even though this may be true a lot of the time, here at Trustwave SpiderLabs we wanted to...

ModSecurity Web Application Firewall - Commercial Rules Update

We have just released new commercial rules for ModSecurity Web Application Firewall (WAF) v2.9 and above. These rules' purpose is to protect against new emerging attacks that target vulnerabilities in public software. For this release we would like to highlight...

Creating the ModSecurity v3 IDS connector as part of Google Summer of Code

A note from the Trustwave Spiderlabs ModSecurity team: The following blog was written at the culmination of the Google Summer Of Code (GSOC) program by Akhil Koul. The ModSecurity team mentored Akhil to help enhance the open source ModSecurity project...

Is ModSecurity’s SecRules Turing Complete?

Have you ever seen a rule for ModSecurity? They may look similar to the following: SecRule REQUEST_URI "@endswith example.com/index.html" "id:1,log,deny,redirect:http://modsecurity.org" This rule may look complicated, but it is extremely basic. It says, if you find a URL ending with example.com/index.html...

OWASP Core Rule Set 3.0.0 (Final) release

The OWASP Core Rule Set (CRS) team is excited to announce the immediate availability of the OWASP Core Rule Set Version 3.0.0 stable release. This release represents over two and a half years of effort with nearly 1000 commits and...

OWASP ModSecurity CRS Version 3.0 RC2 Released

The OWASP Core Rule Set (CRS) is an Open Source project run by the Open Web Application Security Project (OWASP) and is frequently paired with the Open Source ModSecurity project. As part of Trustwave's commitment to ModSecurity, the Spiderlabs Web...

OWASP ModSecurity CRS Version 3.0 RC1 Released

Trustwave has been dedicated to supporting ModSecurity and the associated community for the better part of a decade. Over this time, ModSecurity and the associated OWASP Core Rule Set (CRS) have seen major advances and are currently positioned as leading...

Sending ModSecurity Logs to MySQL

Previous Work As part of our positions at SpiderLabs Research we each get time to undertake various research tasks. Typically on the Web Server Security team we spend this time improving ModSecurity and Trustwave WAF, analyzing the latest web threats,...

An Overview of the Upcoming libModSecurity

libModSecurity is a major rewrite of ModSecurity. It preserves the rich syntax and feature set of ModSecurity while delivering improved performance, stability, and a new experience in easy integration on different. libModSecurity - Motivations While ModSecurity version 2.9.0 is available...

Protecting Your Sites from Apache.Commons Vulnerabilities

A few weeks ago, FoxGlove Security released this important blog post that includes several Proof-of-Concepts for exploiting Java unserialize vulnerabilities. A remote attacker can gain Remote Code Execution by sending specially crafted payload to any endpoint expecting a serialized...

Joomla 0-Day Exploited In the Wild (CVE-2015-8562)

A recent new 0-day in Joomla discovered by Sucuri (Sucuri Blog) has drawn a lot of attention from the Joomla community, as well as attackers. Using knowledge gained from our recent research on Joomla (CVE-2015-7857, SpiderLabs Blog Post) and information...

Joomla SQL Injection Vulnerability Exploit Results in Full Administrative Access

Trustwave SpiderLabs researcher Asaf Orpani has discovered an SQL injection vulnerability in versions 3.2 through 3.4.4 of Joomla, a popular open-source Content Management System (CMS). Combining that vulnerability with other security weaknesses, our Trustwave SpiderLabs researchers are able to gain...

Stay Connected


Subscribe

Sign up to receive the latest security news and trends from Trustwave.

No spam, unsubscribe at any time.


Trending Topics