Web Application Security Consortium Announced
February 26, 2004
A new organisation has just been announced: the Web Application Security ...
Paper on passive information gathering
February 11, 2004
TechicalInfo.Net is an excellent resource for Web Security information. Gunter ...
AVDL Committee Draft is out
February 07, 2004
This morning I got news of AVDL becoming a Committee Draft; you can get it ...
JIRA license for ModSecurity
February 04, 2004
I am very happy to announce that I've been granted a free JIRA license to use ...
Free Apache hardening utility
February 03, 2004
Syhunt, a security tool company from Brazil, have released a free Apache ...
New Apache module: mod_log_forensic
January 21, 2004
A new module has been added to the Apache CVS repository: mod_log_forensic. It ...
End of year post!
November 15, 2003
I thought a post to mark the end of the year would be in order. It has been a ...
File interception supported
November 14, 2003
Building on the multipart/form-data support I added to mod_security the other ...
Multipart support added
November 11, 2003
Over the weekend I worked on adding the multipart/form-data support to ...
A milestone reached
October 30, 2003
I feel like I've reached a new milestone with mod_security. First of all, it is ...
Updated the Snort rules conversion script
October 20, 2003
The new version of the script to convert Snort rules into mod_security rules is ...
Converted Snort rules to mod_security rules
October 08, 2003 | SpiderLabs Anterior
I wrote a simple Perl script to convert Snort rules to mod_security rules and ...
Enhanced rules now available
September 23, 2003 | SpiderLabs Anterior
The last change before the 1.7 release is now in the CVS. I have refactored the ...
Cookie parsing added
September 20, 2003 | Trustwave SpiderLabs
Now you can analyse cookies using new selective filtering variables ...
Masking your web server
September 15, 2003 | SpiderLabs Anterior
There is a new feature available in the CVS, and it allows you to mask your web ...
Changed name to Web Security Blog
September 13, 2003
I decided to change the name of this blog to "Web Security Blog". I figured ...
Output filtering now in CVS
August 25, 2003
The new output filtering functions are now in CVS. I implemented this feature ...
New action: pause
August 01, 2003
I have added a new action to the CVS, called "pause". It accepts one parameter, ...
Added Unicode encoding validation
July 24, 2003 | SpiderLabs Anterior
I've just committed the Unicode validation feature to the CVS. It is a very ...
Selective Filtering
July 18, 2003
I've just added a new feature to mod_security (CVS, both versions) that allows ...
Fun with PHP CLI scripts
July 12, 2003
I've had quite a lot of "fun" with PHP CLI scripts the other day. As you ...
Apache chrooting simplified
June 11, 2003
I've added a new (and experimental) feature to mod_security (CVS and Apache 1.x ...
URL decoding bug fixed
June 06, 2003
I just fixed a small bug in the URL decoding routine. Apparently, I forgot to ...
Porting mod_security to Windows
June 04, 2003 | SpiderLabs Anterior
With module functioning well on Unix-based platforms I decided to start with ...