Implementing AppSensor Detection Points in ModSecurity
August 31, 2011 | Ryan Barnett
This is a follow-up to a previous blog post entitled "Real-time Application ...
Detecting Malice with ModSecurity: (Updated) CSRF Attacks
August 30, 2011 | Ryan Barnett
UPDATE - since this original post, we added new data manipulation capabilities ...
(Updated) Mitigation of Apache Range Header DoS Attack
August 24, 2011 | Ryan Barnett
Update: After deeper research into the underlying vulnerability and analyzing ...
ModSecurity Advanced Topic of the Week: (Updated) Exception Handling
August 23, 2011 | Ryan Barnett
UPDATE - since this original post, we added new exception handling capabilities ...
What Do Bug Bounties Cover?
August 19, 2011
Over the past few days in the UK we have been bombarded with arguments and ...
ModSecurity Advanced Topic of the Week: Automated Virtual Patching Script
August 18, 2011 | Ryan Barnett
Automated Virtual Patching Example Script
ModSecurity Advanced Topic of the Week: Audit Log Searching with ModGrep
August 11, 2011 | Ryan Barnett
This is an updated section from my previous book Preventing Web Attacks with ...
Auto-BAHN: Using Smart phones to create emergency, ad hoc networks
August 10, 2011 | Thomas Wilhelm
Thomas Wilhelm, Sr. Security Consultant at Trustwave SpiderLabs, revealed a ...
TWSL2011-008: Focus Stealing Vulnerability in Android
August 08, 2011 | Josh Grunzweig
The SpiderLabs team at Trustwave published a new advisory today, which details ...
Regression Workaround for TWSL2011-007: The iOS SSL Validation Vulnerability (UPDATED)
August 07, 2011
Trustwave SpiderLabs recently released an advisory (TWSL2011-007) regarding ...
What Web Application Security Monitoring Can Learn From Casino Surveillance
August 07, 2011 | Ryan Barnett
New Edition of SpiderLabs Radio - Interviews with SpiderLabs DEF CON Speakers
August 02, 2011 | Zack Fasel
This month, Zack Fasel and Tom Mackenzie interview the SpiderLabs Team Members ...
Detecting Malice with ModSecurity: HoneyTraps
August 02, 2011 | Ryan Barnett
This week's installment of Detecting Malice with ModSecurity will discuss how ...
Live ModSecurity Challenges at Blackhat Arsenal
July 28, 2011 | Ryan Barnett
ModSecurity is participating in the upcoming Blackhat Arsenal Tools Demo next ...
ModSecurity SQL Injection Challenge: Lessons Learned
July 26, 2011 | Ryan Barnett
This is a post-mortem blog post to discuss the successful Level II evasions ...
A whole lot of Spiders at DEF CON 19
July 26, 2011 | SpiderLabs Anterior
Next week members of Trustwave's SpiderLabs team will be headed to Las Vegas to ...
TWSL2011-007: iOS SSL Implementation Does Not Validate Certificate Chain
July 25, 2011 | Josh Grunzweig
The SpiderLabs team at Trustwave published a new advisory today, which details ...
Advanced Topic of the Week: (Updated) Real-time Blacklist Lookups
July 19, 2011 | Ryan Barnett
Updated - the information in this blog has been updated to reflect the current ...
Announcing Release of ModSecurity v2.6.1
July 18, 2011 | Ryan Barnett
Availability of ModSecurity 2.6.1-RC1 Release (July 18, 2011) The ModSecurity ...
Spiders Are FUN!!! at DEF CON 19
July 15, 2011 | Zack Fasel
DEF CON's coming up soon (3 weeks to be exact), and there's a lot of excellent ...
(Updated) ModSecurity Advanced Topic of the Week: Mitigating Slow HTTP DoS Attacks
July 13, 2011 | Ryan Barnett
Update - the latest version of ModSecurity 2.6 has a new directive called ...
Announcing Release of ModSecurity v2.6.1-RC1
June 30, 2011
Availability of ModSecurity 2.6.1-RC1 Release (June 30, 2011) The ModSecurity ...
Announcing the ModSecurity SQL Injection Challenge
June 22, 2011 | Ryan Barnett
The ModSecurity Project Team is happy to announce our first community hacking ...
ModSecurity Advanced Topic of the Week: Application Logout Response Actions
June 21, 2011 | Ryan Barnett
Application Defense Response Actions What is the best way to respond to ...
TWSL2011-006: IBM Web Application Firewall Bypass
June 21, 2011
The SpiderLabs team at Trustwave published a new advisory today, which details ...
Patch the Vuln - Feathers - SQLi(1)
June 20, 2011
Spot the Vuln -> Patch the Vuln SpotTheVuln This blog post series is ...
Patch the Vuln - Feathers - SQLi
June 20, 2011 | Ryan Barnett
Spot the Vuln -> Patch the Vuln SpotTheVuln This blog post series is ...
My Other Ride is Your Image Upload Script(1)
June 13, 2011 | Dan Crowley
Many security issues are based upon mistaken assumptions. For instance, when ...