SpiderLabs Blog

March 17, 2007 | SpiderLabs Anterior

If you have more then 1 ModSecurity installation, you have undoubtedly run into ...

March 08, 2007 | SpiderLabs Anterior

It has been brought to our attention that a fault in the ModSecurity parsing ...

February 23, 2007 | SpiderLabs Anterior

I enjoyed talked about ModSecurity (and web application firewalls) in front of ...

February 17, 2007 | SpiderLabs Anterior

It is inevitable; you will run into some False Positive hits when using web ...

February 07, 2007 | SpiderLabs Anterior

In my previous post I described a potential problem with web application ...

February 07, 2007 | SpiderLabs Anterior

SANS released their 6th edition of the @RISK Weekly News Letter. In it, there ...

February 06, 2007 | SpiderLabs Anterior

As I was reviewing the ModSecurity 2.1.0-rc7 Reference Manual I realised it did ...

February 05, 2007 | SpiderLabs Anterior

I have just packaged and released ModSecurity for Apache v2.1.0-rc7, in ...

January 30, 2007 | SpiderLabs Anterior

This is a listing of Web Application Vulnerabilities that were released by SANS ...

January 23, 2007 | SpiderLabs Anterior

Jeremiah Grossman gives an excellent overview of the top Web hacks of 2006. If ...

January 03, 2007 | SpiderLabs Anterior

Following a question on the core rule set on the ModSecuirty mailing list, I ...

December 28, 2006 | Trustwave SpiderLabs

A recent posting on the ModSecurity mailing list by K.C. Li is a very good ...

December 07, 2006 | Trustwave SpiderLabs

In response to many of the common questions and issues posted to the mail-list, ...

October 24, 2006 | SpiderLabs Anterior

A while ago Federico Biancuzzi contacted me to ask if I'd be interested to give ...

August 18, 2006 | SpiderLabs Anterior

A significant event occurred on the mod-security-users mailing list in July: a ...

August 17, 2006 | SpiderLabs Anterior

I was asked recently to investigate performance of an ModSecurity installation ...

August 14, 2006 | SpiderLabs Anterior

Last week I spent some time stress-testing Apache 2.2.3 configured to work as a ...

August 07, 2006 | SpiderLabs Anterior

You can tell that I am too busy when I take almost three months to blog about ...

July 24, 2006 | SpiderLabs Anterior

Back in March 2006 I was approached by Forrester Research and invited to ...

July 12, 2006 | SpiderLabs Anterior

I just came across this and can't help but make a note about it: A web hosting ...

July 04, 2006 | SpiderLabs Anterior

I love the command line, I do. But there are some tasks where this type of user ...

June 28, 2006 | SpiderLabs Anterior

One of the things I realy dislike in ModSecurity 1.x is that its anti-evasion ...

June 27, 2006 | SpiderLabs Anterior

It's very well known (and even widely accepted) that our current web ...

June 13, 2006 | SpiderLabs Anterior

Yury Zaytsev wrote to me recently to tell me about his experiences in jailing ...

May 23, 2006 | SpiderLabs Anterior

I have been awfully quiet recently, having made my last post to this blog in ...

March 28, 2006 | SpiderLabs Anterior

I was recently involved with a project where we needed to configure an Apache ...

March 08, 2006 | SpiderLabs Anterior

It's that time of year again, when I get to work on new features (instead of ...

March 07, 2006 | SpiderLabs Anterior

I have just released ModSecurity for Apache 1.9.3-rc1, a release candidate, as ...