My Other Ride is Your Image Upload Script
June 13, 2011 | Dan Crowley
Many security issues are based upon mistaken assumptions. For instance, when ...
TWSL2011-004: Cross-Site Scripting Vulnerability in ZyXEL ZyWALL 70 Firewall(1)
June 10, 2011 | Josh Grunzweig
The SpiderLabs team at Trustwave published a new advisory today, which details ...
ModSecurity Advanced Topic of the Week: Unicode Mapping Support
June 07, 2011 | Ryan Barnett
ModSecurity Happy Hour at Blackhat USA 2011
June 06, 2011 | Ryan Barnett
I am excited to announce that SpiderLabs will be hosting a ModSecurity Happy ...
Announcing Release of OWASP ModSecurity Core Rule Set v2.2.0
May 26, 2011 | Ryan Barnett
The ModSecurity Development Team is pleased to announce the release of the ...
Analysis and Evolution of MacDefender OS X Fake AV Scareware
May 24, 2011 | Eric Monti
Over the last month, a new fake AV scareware variant has been circulating for ...
Announcing Release of ModSecurity v2.6.0
May 24, 2011
The ModSecurity Development Team is pleased to announce the availability of ...
National Cyber Safety Awareness Day is May 17th
May 17, 2011
We're taking a short break from our normal technical posts to write about ...
Analyzing Malware Hollow Processes
May 16, 2011
The Malware Analyst's Cookbook is a great book. In it the authors talked about ...
Latest Web Hacking Incident Database (WHID) Entries
May 16, 2011 | Ryan Barnett
These are the latest entries added by SpiderLabs to the Web Application ...
Unicode Visual Spoofing for Good: Confusable CAPTCHAs
May 10, 2011 | Ryan Barnett
In this blog post, I will show a proof of concept method of leveraging Unicode ...
Latest Web Hacking Incident Database (WHID) Entries (1)
May 09, 2011 | Ryan Barnett
These are the latest entries added by SpiderLabs to the Web Application ...
ModSecurity Advanced Topic of the Week: Passive Vulnerability Scanning Part 2 - Watcher Checks
May 03, 2011 | Ryan Barnett
In a previous blog post entitled "ModSecurity Advanced Topic of the Week: ...
Latest Web Hacking Incident Database (WHID) Entries (2)
May 02, 2011 | Ryan Barnett
These are the latest entries added by SpiderLabs to the Web Application ...
Reaching Trustwave's WebDefend Minus World
April 27, 2011 | Ryan Barnett
So my inbox lit up today with a Full Disclosure note about a vulnerability in ...
Detecting Malice with ModSecurity: Request Method Anomalies
April 26, 2011 | Ryan Barnett
This week's installment of Detecting Malice with ModSecurity will discuss how ...
Who's in the Driver's Seat?
April 26, 2011 | SpiderLabs Anterior
Events over the last seven days have dramatically underlined the pitfalls and ...
Latest Web Hacking Incident Database (WHID) Entries (3)
April 25, 2011 | Ryan Barnett
These are the latest entries added by SpiderLabs to the Web Application ...
ModSecurity Advanced Topic of the Week: Integrating IDS Signatures
April 21, 2011 | Ryan Barnett
Snort Web Attack Rules You may be familiar with the Emerging Threats project. ...
ModSecurity 2.6.0-rc1 is now available
April 18, 2011 | Ryan Barnett
The ModSecurity Development Team is pleased to announce the availability of ...
Latest Web Hacking Incident Database (WHID) Entries (4)
April 18, 2011 | Ryan Barnett
These are the latest entries added by SpiderLabs to the Web Application ...
Securing the Fifth Domain
April 13, 2011 | SpiderLabs Anterior
In May 2010, the final disappearance of the line between physical and virtual ...
ModSecurity Advanced Topic of the Week: Integrating Content Security Policy (CSP)
April 13, 2011 | Ryan Barnett
Mozilla's Content Security Policy (CSP) Mozilla has developed a fantastic ...
Latest Web Hacking Incident Database (WHID) Entries (5)
April 11, 2011
These are the latest entries added by SpiderLabs to the Web Application ...
CSS and XSS in Melodious Harmony
April 07, 2011
Web application penetration testers, have you ever run into a situation where ...
ModSecurity Advanced Topic of the Week: Malware Link Removal
April 06, 2011
This is a follow-up post to ModSecurity Advanced Topic of the Week: Malware ...
Analysis of LizaMoon: Stored XSS via SQL Injection
April 05, 2011 | Ryan Barnett
Blended Attacks
Defective By Design? - Certificate Revocation Behavior In Modern Browsers
April 04, 2011 | Paul Kehrer
With the recent fraudulent certificate incident involving one of Comodo's RAs ...