ScallyWhack: ModSecurity Rules Package to Deal with Trac Comment Spam
June 29, 2007 | SpiderLabs Anterior
Michael Renzmann wrote to the ModSecurity mailing list recently announcing ...
Another ModSecurity Development Release
June 28, 2007 | SpiderLabs Anterior
Last week I released the second ModSecurity development release, 2.5.0-dev2, in ...
Apache Process Infection
June 27, 2007 | SpiderLabs Anterior
A very interesting research paper titled "Apache Prefork MPM Vulnerabilities" ...
Optimizing Regular Expressions
June 27, 2007
As many of you have noticed, the Core Rule Set contains very complex regular ...
Managing ModSecurity Alerts: More Console Tuning
June 22, 2007 | SpiderLabs Anterior
In a previous Blog entry, I outlined a number of steps that you could take to ...
Extended Validation Certificates: A Change for the Better (But Not Enough)
June 15, 2007 | SpiderLabs Anterior
On June 12th, 2007, the CA/Browser Forum (a group that consists of leading ...
Universal PDF XSS Revisited
June 13, 2007 | SpiderLabs Anterior
The Universal PDF XSS vulnerability was a tipping point for most people ...
ModSecurity Rule for Full-width/Half-width Unicode Evasion Detection
May 23, 2007 | SpiderLabs Anterior
You have probably heard it by now, but US-CERT released a Vulnerability Note ...
ModSecurity 2.2.0 Development Releases
May 15, 2007 | SpiderLabs Anterior
Hello all. As this is my first official blog entry, let me first start off with ...
ModSecurity Console Performance Tuning
May 10, 2007 | SpiderLabs Anterior
"Help, my ModSecurity Community Console is not responding!" Perhaps you have ...
ModSecurity Migration Matrix
April 11, 2007 | SpiderLabs Anterior
For all of you who are using ModSecurity 1.x and looking for information on ...
Webinar Featuring WHID on the Top Trends in Web Application Threats
April 03, 2007 | SpiderLabs Anterior
On April 11th I'm going to present a webinar on web application security, with ...
Regular Expression Development Tools
March 30, 2007 | SpiderLabs Anterior
Since ModSecurity is based on regular expressions, writing rules requires ...
2.1/1.x Rule Differences For Identifying Missing/Empty Headers and Variables
March 22, 2007 | SpiderLabs Anterior
There are certain scenarios where you might want to create white-listed ...
ModSecurity Console: Purpose and Deployment
March 17, 2007 | SpiderLabs Anterior
If you have more than 1 ModSecurity installation, you have undoubtedly run into ...
ModSecurity ASCIIZ Evasion
March 08, 2007 | SpiderLabs Anterior
It has been brought to our attention that a fault in the ModSecurity parsing ...
ModSecurity Status Report
February 23, 2007 | SpiderLabs Anterior
I enjoyed talking about ModSecurity (and web application firewalls) in front of ...
Handling False Positives and Creating Custom Rules
February 17, 2007 | SpiderLabs Anterior
It is inevitable; you will run into some False Positive hits when using web ...
Dealing with Impedance Mismatch
February 07, 2007 | SpiderLabs Anterior
In my previous post I described a potential problem with web application ...
Testing Core Rules Protection For An Example SQL Injection Vulnerability
February 07, 2007 | SpiderLabs Anterior
SANS released their 6th edition of the @RISK Weekly News Letter. In it, there ...
HTTPrint vs. ModSecurity
February 06, 2007 | SpiderLabs Anterior
There was a great email posted to the ModSecurity user mail-list today that ...
PHP Peculiarities for ModSecurity Users
February 06, 2007 | SpiderLabs Anterior
As I was reviewing the ModSecurity 2.1.0-rc7 Reference Manual I realised it did ...
ModSecurity 2.1.0 Improvements
February 05, 2007 | SpiderLabs Anterior
I have just packaged and released ModSecurity for Apache v2.1.0-rc7, in ...
SANS @Risk Web Vulnerabilities List Mitigation Steps
January 30, 2007 | SpiderLabs Anterior
This is a listing of Web Application Vulnerabilities that were released by SANS ...
Top 10 Web Hacks of 2006
January 23, 2007 | SpiderLabs Anterior
Jeremiah Grossman gives an excellent overview of the top Web hacks of 2006. If ...
Key Advantages of the Core Rule Set
January 03, 2007 | SpiderLabs Anterior
Following a question on the core rule set on the ModSecurity mailing list, I ...
Using ModSecurity 2 Collections in Rules
December 28, 2006 | Trustwave SpiderLabs
A recent posting on the ModSecurity mailing list by K.C. Li is a very good ...
ModSecurity v2.0 Webcast
December 07, 2006 | Trustwave SpiderLabs
In response to many of the common questions and issues posted to the mail-list, ...