Announcing Release of OWASP ModSecurity Core Rule Set v2.2.0

May 26, 2011 | Ryan Barnett

The ModSecurity Development Team is pleased to announce the release of the ...

Latest Web Hacking Incident Database (WHID) Entries

May 16, 2011 | Ryan Barnett

These are the latest entries added by SpiderLabs to the Web Application ...

Unicode Visual Spoofing for Good: Confusable CAPTCHAs

May 10, 2011 | Ryan Barnett

In this blog post, I will show a proof of concept method of leveraging Unicode ...

Latest Web Hacking Incident Database (WHID) Entries (1)

May 09, 2011 | Ryan Barnett

These are the latest entries added by SpiderLabs to the Web Application ...

ModSecurity Advanced Topic of the Week: Passive Vulnerability Scanning Part 2 - Watcher Checks

May 03, 2011 | Ryan Barnett

In a previous blog post entitled "ModSecurity Advanced Topic of the Week: ...

Latest Web Hacking Incident Database (WHID) Entries (2)

May 02, 2011 | Ryan Barnett

These are the latest entries added by SpiderLabs to the Web Application ...

Reaching Trustwave's WebDefend Minus World

April 27, 2011 | Ryan Barnett

So my inbox lit up today with a Full Disclosure note about a vulnerability in ...

Detecting Malice with ModSecurity: Request Method Anomalies

April 26, 2011 | Ryan Barnett

This week's installment of Detecting Malice with ModSecurity will discuss how ...

Latest Web Hacking Incident Database (WHID) Entries (3)

April 25, 2011 | Ryan Barnett

These are the latest entries added by SpiderLabs to the Web Application ...

ModSecurity Advanced Topic of the Week: Integrating IDS Signatures

April 21, 2011 | Ryan Barnett

Snort Web Attack Rules: You may be familiar with the Emerging Threats project. ...

ModSecurity 2.6.0-rc1 is now available

April 18, 2011 | Ryan Barnett

The ModSecurity Development Team is pleased to announce the availability of ...

Latest Web Hacking Incident Database (WHID) Entries (4)

April 18, 2011 | Ryan Barnett

These are the latest entries added by SpiderLabs to the Web Application ...

ModSecurity Advanced Topic of the Week: Integrating Content Security Policy (CSP)

April 13, 2011 | Ryan Barnett

Mozilla's Content Security Policy (CSP): Mozilla has developed a fantastic ...

Analysis of LizaMoon: Stored XSS via SQL Injection

April 05, 2011 | Ryan Barnett

Blended Attacks

Latest Web Hacking Incident Database (WHID) Entries (6)

April 04, 2011 | Ryan Barnett

These are the latest entries added by SpiderLabs to the Web Application ...

Latest Web Hacking Incident Database (WHID) Entries (7)

March 28, 2011 | Ryan Barnett

These are the latest entries added by SpiderLabs to the Web Application ...

Detecting Malice with ModSecurity: Open Proxy Abuse

March 25, 2011 | Ryan Barnett

This week's installment of Detecting Malice with ModSecurity will discuss how ...

ModSecurity Advanced Topic of the Week: Malware Link Detection

March 17, 2011 | Ryan Barnett

Planting of Malware: Planting of malware links into legitimate websites in order ...

ModSecurity Advanced Topic of the Week: Inbound/Outbound Correlation

March 11, 2011 | Ryan Barnett

Alert Management - Correlated Events: One important alert management issue for ...

ModSecurity Advanced Topic of the Week: Passive Vulnerability Scanning Part 1 - OSVDB Checks

February 24, 2011 | Ryan Barnett

One of the most under-appreciated capabilities of web application firewalls ...

Java Floating Point DoS Attack Protection

February 15, 2011 | Ryan Barnett

As many of you may have heard, there is an interesting Java DoS scenario out -

LOIC DDoS Analysis and Detection

January 28, 2011 | Ryan Barnett

Submitted By Rodrigo Montoro

Advanced Topic of the Week: Generic Attack Payload Detection

January 27, 2011 | Ryan Barnett

The Inevitable Bypass of Blacklist Filtering: Let's face the facts, blacklist ...

Trustwave's Global Security Report 2011: Web Application Risks

January 20, 2011 | Ryan Barnett

Yesterday, we released Trustwave's Global Security Report 2011 (short ...

Detecting Malice with ModSecurity: CSRF Attacks

January 11, 2011 | Ryan Barnett

This week's installment of Detecting Malice with ModSecurity will discuss how ...

ModSecurity Advanced Topic of the Week: Credit Card Tracking

January 04, 2011 | Ryan Barnett

The just released CRS v2.1.0 includes Credit Card Tracking rules. These will ...

Announcing Release of OWASP ModSecurity Core Rule Set v2.1.0

December 29, 2010 | Ryan Barnett

I am pleased to announce the release of the OWASP ModSecurity Core Rule Set ...

(Updated) Advanced Topic of the Week: Handling Authorized Scanning Traffic

December 21, 2010 | Ryan Barnett

Updated - the latest OWASP ModSecurity CRS release has a rules file to handle ...