Impedance Mismatch and Base64
April 22, 2010 | SpiderLabs Anterior
There was a recent blog article stating that ModSecurity can be bypassed by ...
OWASP AppSec DC Update
November 13, 2009
I presented on the OWASP ModSecurity Core Rule Set (CRS) Project yesterday here ...
ModSecurity Training at Blackhat USA 2009
July 19, 2009 | SpiderLabs Anterior
Just a quick note to let everyone know that a 2-day ModSecurity training class ...
ModSecurity Vulnerabilities Fixed
March 12, 2009 | SpiderLabs Anterior
ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two ...
Fixing Both Missing HTTPOnly and Secure Cookie Flags
December 22, 2008 | SpiderLabs Anterior
In a previous post I showed how you can use both ModSecurity and Apache ...
Helping Protect Cookies with HTTPOnly Flag
December 20, 2008 | SpiderLabs Anterior
If you are unfamiliar with what the HTTPOnly cookie flag is or why your web ...
Securing WebGoat using ModSecurity
October 30, 2008 | SpiderLabs Anterior
This year, OWASP's Summer of Code event contains one project that's of ...
ModSecurity's Source Code Repository Is Now Open
October 29, 2008 | SpiderLabs Anterior
I spent the last week importing ModSecurity's source code repository into ...
ModSecurity at ApacheCon US 2008
October 10, 2008 | SpiderLabs Anterior
In a few weeks' time I will present my favourite talk, Web Intrusion Detection ...
ModProfiler Presentation at OWASP AppSec Israel 2008
September 11, 2008 | SpiderLabs Anterior
I will be giving the updated version of our ModProfiler presentation this ...
ModProfiler: Leading ModSecurity Towards Positive Security
September 08, 2008 | SpiderLabs Anterior
Several years ago, a few more than I'd like to admit, I realised our chances ...
ModSecurity Issue Tracker Now Available
August 27, 2008 | SpiderLabs Anterior
I am happy to announce that we've just launched a public issue tracking ...
Microsoft and Oracle Helping 'Time-to-Fix' Problems
August 07, 2008 | SpiderLabs Anterior
Before I talk to the title of this post, I have to provide a little back story. ...
ModSecurity 2.5.6 and Mlogc
August 04, 2008 | SpiderLabs Anterior
The ModSecurity Log Collector (mlogc) is used to send ModSecurity audit log ...
Transformation Caching Unstable, Fixed, But Deprecated
August 01, 2008
We have just released ModSecurity 2.5.6 to address several issues with ...
ModSecurity In Solaris
July 29, 2008 | SpiderLabs Anterior
Although Solaris has been supported as a platform for ModSecurity since the ...
Enough With Default Allow Revision 2
July 24, 2008 | SpiderLabs Anterior
A revised version (but still a draft) of the Enough With Default Allow in Web ...
Three ModSecurity Rule Language Annoyances
July 24, 2008
There are three aspects of the ModSecurity Rule Language we are not very happy ...
Enough with Default Allow in Web Applications!
July 15, 2008 | SpiderLabs Anterior
The title of this blog post is also the title of a research paper we are ...
XSS Defense HOWTO
July 08, 2008 | SpiderLabs Anterior
We all agree that cross-site scripting is a serious problem, but what continues ...
ModSecurity In HP-UX Internet Express
July 03, 2008 | SpiderLabs Anterior
We receive questions about ModSecurity running on HP-UX from time to time, but ...
ModSecurity Licensing Exception Draft Is Ready
June 19, 2008 | SpiderLabs Anterior
As you may know, ModSecurity is licensed under GPL version 2. This license has ...
Integrating Vulnerability Scanners and Web Application Firewalls
June 06, 2008 | Trustwave SpiderLabs
In case you missed it, Breach Security has teamed up with WhiteHat Security so ...
ModSecurity Is Blooming
June 05, 2008 | SpiderLabs Anterior
OWASP AppSec Europe 2008 in Ghent, which I wrote about in a previous post, ...
What's the Score of the Game - Part 2: Web Security Metrics
May 31, 2008 | SpiderLabs Anterior
In my earlier post entitled "What's the Score of the Game?" I presented the ...
ModSecurity Training at Blackhat USA
May 27, 2008 | SpiderLabs Anterior
We are excited to announce that Breach Security will be running the 2-day ...
What's the Score of the Game?
May 21, 2008 | SpiderLabs Anterior
We, as the webappsec community, should try and move away from "Holy Wars" ...
ModSecurity 2.6 RoadMap
May 09, 2008 | SpiderLabs Anterior
ModSecurity 2.6 will likely be the last branch before ModSecurity 3. The 2.6 ...