Portable Web Application Firewall Rule Format News
August 23, 2005 | Trustwave SpiderLabs
As some of you may know, I've been working on the portable web application ...
Major updates to ModSecurity in 1.9dev3
August 20, 2005 | SpiderLabs Anterior
This version implements the final batch of major improvements to the 1.9.x ...
Improvements to the Servlet specification
August 09, 2005 | SpiderLabs Anterior
A while ago Greg Murray (the Servlet specification lead) asked for ideas for ...
Web Security Improvement Ideas
July 13, 2005 | SpiderLabs Anterior
I have been keeping a list of web security improvement ideas for some time now. ...
PHP chapter from Apache Security available for download
June 13, 2005 | SpiderLabs Anterior
I have made the PHP chapter from Apache Security available for free download. ...
More on impedance mismatch
June 10, 2005 | SpiderLabs Anterior
Recently there has been increased interest in the impedance mismatch problem, ...
The future of web application firewalls
June 08, 2005 | SpiderLabs Anterior
It always pays off to visit Richard Bejtlich's blog once in a while. (Or, even ...
External Web Application Protection: Impedance Mismatch
March 10, 2005 | SpiderLabs Anterior
Web application firewalls have a difficult job trying to make sense of data ...
Mod_security 1.8.7RC2 available
March 01, 2005 | SpiderLabs Anterior
Second release candidate for mod_security 1.8.7 is available for download. I ...
ModSecurity for Java Milestone 3 now available
January 06, 2005 | SpiderLabs Anterior
I have just released an updated version of ModSecurity for Java. This version ...
mod_security and the PHPBB worm (Santy.A)
December 23, 2004
I have been asked to design a mod_security rule to protect sites from the ...
Portable web firewall rule format
September 03, 2004 | Trustwave SpiderLabs
For some time now I've been working on a portable web firewall rule format as ...
WASC releases Threat Classification
July 30, 2004
They've been very quiet for a number of months and now you know what they have ...
AVDL becomes a standard
June 17, 2004
Application Vulnerability Description Language (AVDL) has been approved as an ...
Network Security Hack #93: mod_security
May 05, 2004
O'Reilly have a new book out: Network Security Hacks. It is a really good book ...
ModSecurity audit log to MySQL parser
April 15, 2004 | SpiderLabs Anterior
Dhillon A. K. has written a new article about mod_security. The article is ...
Chroot support significantly improved in v1.8
April 09, 2004
Last night I updated the code that provides the internal chroot functionality ...
Web Application Security Consortium Announced
February 27, 2004
A new organisation has just been announced: the Web Application Security ...
Paper on passive information gathering
February 11, 2004 | Trustwave SpiderLabs
TechicalInfo.Net is an excellent resource for Web Security information. Gunter ...
AVDL Committee Draft is out
February 08, 2004
This morning I got news of AVDL becoming a Committee Draft; you can get it ...
JIRA license for ModSecurity
February 05, 2004
I am very happy to announce that I've been granted a free JIRA license to use ...
Free Apache hardening utility
February 04, 2004
Syhunt, a security tool company from Brazil, have released a free Apache ...
New Apache module: mod_log_forensic
January 22, 2004
A new module has been added to the Apache CVS repository: mod_log_forensic. It ...
End of year post!
November 15, 2003
I thought a post to mark the end of the year would be in order. It has been a ...
File interception supported
November 15, 2003
Building on the multipart/form-data support I added to mod_security the other ...
Multipart support added
November 12, 2003
Over the weekend I worked on adding the multipart/form-data support to ...
A milestone reached
October 30, 2003
I feel like I've reached a new milestone with mod_security. First of all, it is ...
Updated the Snort rules conversion script
October 21, 2003
The new version of the script to convert Snort rules into mod_security rules is ...