SpiderLabs Blog

September 14, 2010 | SpiderLabs Anterior

This week's topic discusses how to validate application SessionIDs submitted by ...

September 09, 2010 | SpiderLabs Anterior

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining ...

September 07, 2010 | SpiderLabs Anterior

This week's feature is the effective use of Real-time Blacklist lookups (@rbl).

September 01, 2010 | SpiderLabs Anterior

This week's feature is the effective use of Transformation functions.

August 30, 2010 | SpiderLabs Anterior

I am excited to announce that the OWASP ModSecurity Core Rule Set (CRS) has ...

August 27, 2010 | SpiderLabs Anterior

Greetings everyone, I wanted to announce the availability of the OWASP ...

July 21, 2010 | SpiderLabs Anterior

ModSecurity Community,

April 22, 2010 | SpiderLabs Anterior

There was a recent blog article stating that ModSecurity can be bypassed by ...

July 19, 2009 | SpiderLabs Anterior

Just a quick note to let everyone know that a 2-day ModSecurity training class ...

March 12, 2009 | SpiderLabs Anterior

ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two ...

December 22, 2008 | SpiderLabs Anterior

In a previous post I showed how you can use both ModSecurity and Apache ...

December 20, 2008 | SpiderLabs Anterior

If you are unfamiliar with what the HTTPOnly cookie flag is or why your web ...

October 30, 2008 | SpiderLabs Anterior

This year, the OWASP's Summer of Code event contains one project that's of ...

October 29, 2008 | SpiderLabs Anterior

I spent the last week importing ModSecurity's source code repository into ...

October 10, 2008 | SpiderLabs Anterior

In a few weeks' time I will present my favourite talk, Web Intrusion Detection ...

September 11, 2008 | SpiderLabs Anterior

I will be giving the updated version of our ModProfiler presentation this ...

September 08, 2008 | SpiderLabs Anterior

Several years ago, a few more than I'd like to admit, I realised our chances ...

August 27, 2008 | SpiderLabs Anterior

I am happy to announce that we've just launched a public issue tracking ...

August 07, 2008 | SpiderLabs Anterior

Before I talk to the title of this post, I have to provide a little back story. ...

August 04, 2008 | SpiderLabs Anterior

The ModSecurity Log Collector (mlogc) is used to send ModSecurity audit log ...

July 29, 2008 | SpiderLabs Anterior

Although Solaris has been supported as a platform for ModSecurity since the ...

July 24, 2008 | SpiderLabs Anterior

A revised version (but still a draft) of the Enough With Default Allow in Web ...

July 15, 2008 | SpiderLabs Anterior

The title of this blog post is also the title of a research paper we are ...

July 08, 2008 | SpiderLabs Anterior

We all agree that cross-site scripting is a serious problem, but what continues ...

July 03, 2008 | SpiderLabs Anterior

We receive questions about ModSecurity running on HP-UX from time to time, but ...

June 19, 2008 | SpiderLabs Anterior

As you may know, ModSecurity is licensed under GPL version 2. This license has ...

June 05, 2008 | SpiderLabs Anterior

OWASP AppSec Europe 2008 in Ghent, which I wrote about in a previous post, ...

May 31, 2008 | SpiderLabs Anterior

In my earlier post entitled "What's the Score of the Game?" I presented the ...