Announcing the ModSecurity XSS Evasion Challenge
July 30, 2013 | Ryan Barnett
The SpiderLabs Research Team is pleased to announce the release of the ...
ModSecurity Advanced Topic of the Week: Mitigating XSS Vulnerabilities Using Targeted CSP Enforcement
July 15, 2013 | Ryan Barnett
Content Security Policy (CSP) Implementation Challenges CSP is an extremely ...
[Honeypot Alert] Inside the Attacker's Toolbox: Webshell Usage Logging
June 19, 2013 | Ryan Barnett
In a previous blog post, we discussed the common lifecycle of web server botnet ...
[Honeypot Alert] Active Exploits Attempts for Plesk Vulnerability
June 10, 2013 | Ryan Barnett
Last week, hacker "kingcope" provided PoC exploit code for a Plesk 0-day on the ...
ModSecurity Updates: Nginx Stable Release and Google Summer of Code Participation
June 06, 2013 | Ryan Barnett
Availability of ModSecurity 2.7.4: Nginx Stable Release The ModSecurity ...
XML External Entity (XXE) Execution Disabled in ModSecurity v2.7.3
April 30, 2013 | Ryan Barnett
On February 27, 2013, the ModSecurity project team was notified by security ...
Accidental Stored XSS Flaw in Zemanta 'Related Posts' Plugin for TypePad
April 22, 2013 | Ryan Barnett
Note that the vulnerability described here was fixed by Zemanta.
Defending WordPress Logins from Brute Force Attacks
April 16, 2013 | Ryan Barnett
As has been reported by many news outlets, WordPress login pages have been ...
Restricting Adobe CQ Admin Logins with Trustwave WAFs
April 11, 2013 | Ryan Barnett
One of the many useful features of a web application firewall (WAF) is its ...
ModSecurity User Survey 2013
April 05, 2013 | Ryan Barnett
The ModSecurity web application firewall project has grown a lot in the past ...
Web Application Defender's Cookbook: CCDC Blue Team Cheatsheet
April 05, 2013 | Ryan Barnett
Trustwave is a corporate sponsor of the National Collegiate Cyber Defense ...
[Honeypot Alert] User-Agent Field PHP Injection Attacks
February 15, 2013 | Ryan Barnett
In a previous Honeypot Alert blog post, I showed an example of attackers using ...
Microsoft Patch Tuesday, February 2013 – Happy Chinese New Year!
February 12, 2013 | Ryan Barnett
Submitted by Space Rogue
Server-Side XSS Attack Detection with ModSecurity and PhantomJS
February 08, 2013 | Ryan Barnett
Client-Side JS Overriding Limitations In a previous blog post, I outlined how ...
[Honeypot Alert] Active Probes for Ruby on Rails XML Vulns
January 25, 2013 | Ryan Barnett
In a previous blog post, I outlined some ModSecurity defenses to help protect ...
ModSecurity Mitigations for Ruby on Rails XML Exploits
January 10, 2013 | Ryan Barnett
There is big trouble in Ruby on Rails (RoR) land... The issue is related to XML ...
Setting HoneyTraps with ModSecurity: Unused Web Ports
December 17, 2012 | Ryan Barnett
This blog post will show an easy configuration update that you can make to your ...
[Honeypot Alert] Turning Local File Inclusion into Reflected Code Execution
December 12, 2012 | Ryan Barnett
Which web application attack type is more severe: Local File Inclusion (LFI) or ...
[Honeypot Alert] SQL Injection Scanning Detected in WordPress Error Logs
December 07, 2012 | Ryan Barnett
Normally for these Web Honeypot alert blog posts, I show snippets of the Apache ...
[Honeypot Alert] SQL Injection Scanning Targeting Joomla Plugins
December 03, 2012 | Ryan Barnett
The following SQL Injection attack payloads targeting Joomla components were ...
[Honeypot Alert] User-Agent Field XSS Attacks
November 29, 2012 | Ryan Barnett
Our web honeypots picked up some more XSS attacks today:
Detecting Successful XSS Testing with JS Overrides
November 29, 2012 | Ryan Barnett
Do you know when an attacker or security researcher successfully finds a ...
Announcing the availability of ModSecurity extension for Nginx
September 28, 2012 | Ryan Barnett
ModSecurity for Nginx ModSecurity for Nginx is a web server plug-in for the ...
WAF Normalization and I18N
August 29, 2012 | Ryan Barnett
Submitted By Breno Silva Pinto and Ryan Barnett
Announcing the availability of ModSecurity extension for IIS
July 27, 2012 | Ryan Barnett
This blog post has also been posted on the Microsoft Security Research and ...
Beyond Apache: ModSecurity for IIS/Nginx is Coming
July 21, 2012 | Ryan Barnett
The Trustwave SpiderLabs Research Team is proud to announce that, through a ...
[Honeypot Alert] PHP-CGI Vuln Targeted For Database Dumping
June 19, 2012 | Ryan Barnett
Thanks to my SpiderLabs Research colleague @claudijd for collaborating with ...
ModSecurity and OWASP CRS Updates Available
June 15, 2012 | Ryan Barnett
Security Fix Release: ModSecurity v2.6.6 The ModSecurity Development Team has ...