CVE-2010-4506 and CVE-2010-4507 Released

The SpiderLabs team published two new advisories today. The first, CVE-2010-4506, was discovered in ...

New Director of SpiderLabs EMEA Announced

I am very pleased to be able to announce on this blog that the SpiderLabs team has a new Director ...

Announcing Release of CRS v2.0.9

Greetings everyone,

Advanced Topic of the Week: Traditional vs. Anomaly Scoring Detection Modes

In the latest SVN trunk version of the CRS (2.0.9), we have implemented the capability for users to ...

Encrypting Data at Rest

Data should be encrypted at rest and in motion. In this post, I'll discuss encrypting data files ...

ModSecurity 2.5.13 release candidate

A release candidate of 2.5.13 ModSecurity into the svn repository (branch 2.5.x) is already ...

Detecting Malice with ModSecurity: IP Forensics

This week's installment of Detecting Malice with ModSecurity will discuss the value of obtaining ...

Detecting Malice with ModSecurity: GeoLocation Data

I would like to introduce a new blog series entitled - Detecting Malice with ModSecurity and will ...

ModSecurity Life cycle

We are proud to announce the new release 2.5.13 is under development and will be released next ...

ModSecurity User Survey Results Released

As a result of the acquisition of Breach Security (and thus ModSecurity) by Trustwave, we thought ...

Advanced Topic of the Week: Request Header Tagging

Request Header Tagging

Welcome Aboard Breno Silva

I am excited to announce that Breno Silva has joined Trustwave's SpiderLabs Research Team where he ...

Advanced Topic of the Week: Preventing Malicious PDF File Uploads

Many reports have indicated that malicious PDFs that exploit flaws in Adobe's Acrobat Reader are ...

Advanced Topic of the Week: XSS Defense via Content Injection

Introduction In last week's post on Identifying Improper Output Handling, we showed a method to use ...

Advanced Topic of the Week: Identifying Improper Output Handling (XSS Flaws)

A Topic Presents Itself

Advanced Topic of the Week: Validating SessionIDs

This week's topic discusses how to validate application SessionIDs submitted by clients.

WASC WHID Bi-Annual Report for 2010

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining a record of web ...

Advanced Topic of the Week: Real-time Blacklist Lookups

This week's feature is the effective use of Real-time Blacklist lookups (@rbl).

Advanced Topic of the Week: Transformation Functions

This week's feature is the effective use of Transformation functions.

OWASP ModSecurity CRS Project Promoted to Release Quality

I am excited to announce that the OWASP ModSecurity Core Rule Set (CRS) has completed its official ...

OWASP ModSecurity Core Rule Set (CRS) v2.0.8 Released

Greetings everyone, I wanted to announce the availability of the OWASP ModSecurity CRS v2.0.8. ...

Advanced Topic of the Week: Validating Byte Ranges

We are starting a new blog post series here on the ModSecurity site called "Advanced Feature of the ...

What's up @ ModSecurity?

Since Black Hat and DEFCON we have been busy building teams and aligning objectives over here at ...

ModSecurity Happy Hour @ Black Hat USA

ModSecurity Community,

Impedance Mismatch and Base64

There was a recent blog article stating that ModSecurity can be bypassed by adding invalid ...

OWASP AppSec DC Update

I presented on the OWASP ModSecurity Core Rule Set (CRS) Project yesterday here at the AppSec DC ...

ModSecurity Training at Blackhat USA 2009

Just a quick note to let everyone know that a 2-day ModSecurity training class was added to the ...

ModSecurity Vulnerabilities Fixed

ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two vulnerabilities which could be ...
