Advanced Topic of the Week: XSS Defense via Content Injection

September 28, 2010

Introduction: In last week's post on Identifying Improper Output Handling, we ...

Advanced Topic of the Week: Identifying Improper Output Handling (XSS Flaws)

September 21, 2010

A Topic Presents Itself

Automated Padding Oracle Attacks With PadBuster

September 14, 2010 | Brian Holyfield

An automated script for performing Padding Oracle attacks.

Advanced Topic of the Week: Validating SessionIDs

September 14, 2010 | SpiderLabs Anterior

This week's topic discusses how to validate application SessionIDs submitted by ...

WASC WHID Bi-Annual Report for 2010

September 09, 2010 | SpiderLabs Anterior

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining ...

Advanced Topic of the Week: Real-time Blacklist Lookups

September 07, 2010 | SpiderLabs Anterior

This week's feature is the effective use of Real-time Blacklist lookups (@rbl).

Advanced Topic of the Week: Transformation Functions

September 01, 2010 | SpiderLabs Anterior

This week's feature is the effective use of Transformation functions.

OWASP ModSecurity CRS Project Promoted to Release Quality

August 30, 2010 | SpiderLabs Anterior

I am excited to announce that the OWASP ModSecurity Core Rule Set (CRS) has ...

OWASP ModSecurity Core Rule Set (CRS) v2.0.8 Released

August 27, 2010 | SpiderLabs Anterior

Greetings everyone, I wanted to announce the availability of the OWASP ...

Advanced Topic of the Week: Validating Byte Ranges

August 24, 2010

We are starting a new blog post series here on the ModSecurity site called ...

What's up @ ModSecurity?

August 11, 2010

Since Black Hat and DEFCON we have been busy building teams and aligning ...

ModSecurity Happy Hour @ Black Hat USA

July 21, 2010

ModSecurity Community,

Impedance Mismatch and Base64

April 22, 2010 | SpiderLabs Anterior

There was a recent blog article stating that ModSecurity can be bypassed by ...

OWASP AppSec DC Update

November 13, 2009

I presented on the OWASP ModSecurity Core Rule Set (CRS) Project yesterday here ...

ModSecurity Training at Blackhat USA 2009

July 19, 2009 | SpiderLabs Anterior

Just a quick note to let everyone know that a 2-day ModSecurity training class ...

ModSecurity Vulnerabilities Fixed

March 12, 2009 | SpiderLabs Anterior

ModSecurity versions 2.5.8 and 2.5.9 have been released to fix two ...

Fixing Both Missing HTTPOnly and Secure Cookie Flags

December 22, 2008 | SpiderLabs Anterior

In a previous post I showed how you can use both ModSecurity and Apache ...

Helping Protect Cookies with HTTPOnly Flag

December 20, 2008 | SpiderLabs Anterior

If you are unfamiliar with what the HTTPOnly cookie flag is or why your web ...

Securing WebGoat using ModSecurity

October 30, 2008

This year, the OWASP's Summer of Code event contains one project that's of ...

ModSecurity's Source Code Repository Is Now Open

October 29, 2008 | SpiderLabs Anterior

I spent the last week importing ModSecurity's source code repository into ...

ModSecurity at ApacheCon US 2008

October 10, 2008 | SpiderLabs Anterior

In a few weeks' time I will present my favourite talk, Web Intrusion Detection ...

ModProfiler Presentation at OWASP AppSec Israel 2008

September 11, 2008 | SpiderLabs Anterior

I will be giving the updated version of our ModProfiler presentation this ...

ModProfiler: Leading ModSecurity Towards Positive Security

September 08, 2008 | SpiderLabs Anterior

Several years ago, a few more than I'd like to admit, I realised our chances ...

ModSecurity Issue Tracker Now Available

August 27, 2008 | SpiderLabs Anterior

I am happy to announce that we've just launched a public issue tracking ...

Microsoft and Oracle Helping 'Time-to-Fix' Problems

August 07, 2008 | SpiderLabs Anterior

Before I talk to the title of this post, I have to provide a little back story. ...

ModSecurity 2.5.6 and Mlogc

August 04, 2008 | SpiderLabs Anterior

The ModSecurity Log Collector (mlogc) is used to send ModSecurity audit log ...

Transformation Caching Unstable, Fixed, But Deprecated

August 01, 2008

We have just released ModSecurity 2.5.6 to address several issues with ...

ModSecurity In Solaris

July 29, 2008 | SpiderLabs Anterior

Although Solaris has been supported as a platform for ModSecurity since the ...