ModSecurity Data Formats
January 11, 2008 | SpiderLabs Anterior
I have just added a new section to the ModSecurity v2.5 Reference Manual, ...
Speaking About ModSecurity at ApacheCon Europe 2008
January 09, 2008 | SpiderLabs Anterior
I will be speaking about ModSecurity at ApacheCon Europe in Amsterdam later ...
SQL Injection Attack Infects Thousands of Websites
January 08, 2008 | SpiderLabs Anterior
Here is a snippet from the just released SANS NewsBites letter:
Set-based Pattern Matching Example
January 02, 2008 | SpiderLabs Anterior
Large Wordlist Example: You will find the greatest benefit of using the set ...
OWASP London Chapter December 6th Presentations Now Online
December 29, 2007 | SpiderLabs Anterior
We've had a couple of very interesting presentations on the OWASP London ...
Initial Release Candidate for ModSecurity 2.5.0 (2.5.0-rc1)
December 22, 2007 | SpiderLabs Anterior
The first release candidate for the ModSecurity 2.5 release is now available. ...
Using Transactional Variables Instead of SecRuleRemoveById
December 04, 2007 | SpiderLabs Anterior
Using SecRuleRemoveById to handle false positives: The SecRuleRemoveById ...
ModSecurity 2.1.4 Now Available
November 30, 2007 | SpiderLabs Anterior
ModSecurity 2.1.4 is the latest stable release of ModSecurity. The 2.1.4 ...
Installing ModSecurity
November 07, 2007 | SpiderLabs Anterior
ModSecurity is a really powerful beast. It can do anything you want, at least ...
WASC Distributed Open Proxy Honeypot: Blind SQL Injection Attempt (Update)
November 06, 2007 | SpiderLabs Anterior
As some of you may know, I am heading up the WASC Distributed Open Proxy ...
ModSecurity Training at OWASP/WASC AppSec 2007
October 18, 2007 | SpiderLabs Anterior
I am very excited to announce that I will be instructing a live 2-day ...
Web Services Security
August 31, 2007 | SpiderLabs Anterior
NIST has released a new guide on securing Web Services. It is a pretty good ...
Virtual Patching During Incident Response: United Nations Defacement
August 27, 2007 | SpiderLabs Anterior
Virtual Patching is a policy for a web application firewall (in this case ...
ModSecurity 2.1.2 Released
August 27, 2007 | SpiderLabs Anterior
Today I released ModSecurity 2.1.2. This is the latest stable release of ...
On Your Marks, Get Set, Go: Vulnerability Mitigation Race
July 28, 2007 | SpiderLabs Anterior
In many ways vulnerability remediation is like a Track and Field race and the ...
ScallyWhack: ModSecurity Rules Package to Deal with Trac Comment Spam
June 29, 2007 | SpiderLabs Anterior
Michael Renzmann wrote to the ModSecurity mailing list recently announcing ...
Apache Process Infection
June 27, 2007 | SpiderLabs Anterior
A very interesting research paper titled "Apache Prefork MPM Vulnerabilities" ...
Optimizing Regular Expressions
June 27, 2007 | Admin
As many of you have noticed, the Core Rule Set contains very complex regular ...
Managing ModSecurity Alerts: More Console Tuning
June 22, 2007 | SpiderLabs Anterior
In a previous Blog entry, I outlined a number of steps that you could take to ...
Extended Validation Certificates: A Change for the Better (But Not Enough)
June 15, 2007 | SpiderLabs Anterior
On June 12th, 2007, the CA/Browser Forum (a group that consists of leading ...
Universal PDF XSS Revisited
June 13, 2007 | SpiderLabs Anterior
The Universal PDF XSS vulnerability was a tipping point for most people ...
ModSecurity Rule for Full-width/Half-width Unicode Evasion Detection
May 23, 2007 | SpiderLabs Anterior
You have probably heard it by now, but US-CERT released a Vulnerability Note ...
ModSecurity 2.2.0 Development Releases
May 15, 2007 | SpiderLabs Anterior
Hello all. As this is my first official blog entry, let me first start off with ...
ModSecurity Console Performance Tuning
May 10, 2007 | SpiderLabs Anterior
"Help, my ModSecurity Community Console is not responding!" Perhaps you have ...
ModSecurity Migration Matrix
April 11, 2007 | SpiderLabs Anterior
For all of you who are using ModSecurity 1.x and looking for information on ...
Webinar Featuring WHID on the Top Trends in Web Application Threats
April 03, 2007 | SpiderLabs Anterior
On April 11th I'm going to present a webinar on web application security, with ...
Regular Expression Development Tools
March 30, 2007 | SpiderLabs Anterior
Since ModSecurity is based on regular expressions, writing rules requires ...
2.1/1.x Rule Differences For Identifying Missing/Empty Headers and Variables
March 22, 2007 | SpiderLabs Anterior
There are certain scenarios where you might want to create white-listed ...