Virtual Patch for ASP.Net Forms Authentication Bypass Vulnerability (CVE-2011-3416)

Last Thursday, Microsoft released an out-of-band security patch (MS11-100) which includes a fix for ...

[Honeypot Alert] phpThumb() 'fltr[]' Parameter Command Injection Detected

The SpiderLabs Research Team has identified active scanning for the phpThumb() 'fltr[]' Parameter ...

[Honeypot Alert] Plone and Zope Remote Command Execution Detected

We have identified active scanning for the recent Plone and Zope Remote Command Execution ...

[Honeypot Alert] User Agent Field Arbitrary PHP Code Execution

While reviewing today's web honeypot logs, SpiderLabs Research identified two new attack variations.

Announcing Release of OWASP ModSecurity Core Rule Set v2.2.3

The SpiderLabs Research Team is pleased to announce the ModSecurity OWASP Core Rule Set v2.2.3 ...

[Honeypot Alert] phpAlbum PHP Code Execution Attacks

We have seen a number of scans probing for phpAlbum code execution vulns in our web honeypot logs:

[Honeypot Alert] Awstats Command Injection Scanning Detected

Issue Detected

Our daily web honeypot analysis has detected an increase in scanning looking for ...

[Honeypot Alert] WordPress/Joomla/Mambo SQL Injection Scanning Detected

Our web honeypot analysis today detected scanning looking for SQL Injection flaws in a number of ...

[Honeypot Alert] Mass Joomla Component LFI Attacks Identified

Joomla Component LFI Vulnerabilities

Joomla has hundreds of Controller components. Check out the ...

ModSecurity Advanced Topic of the Week: Remote File Inclusion Attack Detection

Remote file inclusion (RFI) is a popular technique used to attack web applications (especially php ...

Implementing AppSensor Detection Points in ModSecurity

This is a follow-up to a previous blog post entitled "Real-time Application Profiling" that ...

Detecting Malice with ModSecurity: (Updated) CSRF Attacks

UPDATE - since this original post, we added new data manipulation capabilities to v2.6.0 with the ...

(Updated) Mitigation of Apache Range Header DoS Attack

Update

After deeper research into the underlying vulnerability and analyzing customer traffic, ...

ModSecurity Advanced Topic of the Week: (Updated) Exception Handling

UPDATE - since this original post, we added new exception handling capabilities to v2.6.0 which are ...

ModSecurity Advanced Topic of the Week: Automated Virtual Patching Script

Automated Virtual Patching Example Script

ModSecurity Advanced Topic of the Week: Audit Log Searching with ModGrep

This is an updated section from my previous book Preventing Web Attacks with Apache and discusses a ...

What Web Application Security Monitoring Can Learn From Casino Surveillance

Detecting Malice with ModSecurity: HoneyTraps

This week's installment of Detecting Malice with ModSecurity will discuss how to implement ...

Live ModSecurity Challenges at Blackhat Arsenal

ModSecurity is participating in the upcoming Blackhat Arsenal Tools Demo next week in Las Vegas.

ModSecurity SQL Injection Challenge: Lessons Learned

This is a post-mortem blog post to discuss the successful Level II evasions found by participants ...

Advanced Topic of the Week: (Updated) Real-time Blacklist Lookups

Updated - the information in this blog has been updated to reflect the current RBL enhancement ...

Announcing Release of ModSecurity v2.6.1

Availability of ModSecurity 2.6.1-RC1 Release (July 18, 2011)

The ModSecurity Development Team is ...

(Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks

Update - the latest version of ModSecurity 2.6 has a new directive called SecWriteStateLimit ...

Announcing the ModSecurity SQL Injection Challenge

The ModSecurity Project Team is happy to announce our first community hacking challenge!

ModSecurity Advanced Topic of the Week: Application Logout Response Actions

Application Defense Response Actions

What is the best way to respond to suspicious transactions ...

Patch the Vuln - Feathers - SQLi

Spot the Vuln -> Patch the Vuln (SpotTheVuln)

This blog post series is designed to be a companion ...

ModSecurity Advanced Topic of the Week: Unicode Mapping Support