SpiderLabs Blog

February 18, 2008 | SpiderLabs Anterior

Breach Labs which sponsors WHID has issued an analysis of the Web Hacking ...

January 30, 2008 | SpiderLabs Anterior

The ModSecurity 2.5 release is scheduled for early/mid February. With the ...

January 25, 2008

ModSecurity 2.5 introduces a really cool, yet somewhat obscure feature called ...

January 22, 2008

Some time ago I decided to start a new blog, a place where I would be able to ...

January 11, 2008 | SpiderLabs Anterior

I have just added a new section to the ModSecurity v2.5 Reference Manual, ...

January 09, 2008 | SpiderLabs Anterior

I will be speaking about ModSecurity at ApacheCon Europe in Amsterdam later ...

January 08, 2008 | SpiderLabs Anterior

Here is a snippet from the just released SANS NewsBites letter:

January 02, 2008 | SpiderLabs Anterior

Large Wordlist Example You will find the greatest benefit of using the set ...

December 29, 2007 | SpiderLabs Anterior

We've had a couple of very interesting presentations on the OWASP London ...

December 22, 2007 | SpiderLabs Anterior

The first release candidate for the ModSecurity 2.5 release is now available. ...

December 04, 2007 | SpiderLabs Anterior

Using SecRuleRemoveById to handle false positives The SecRuleRemoveById ...

November 30, 2007 | SpiderLabs Anterior

ModSecurity 2.1.4 is the latest stable release of ModSecurity. The 2.1.4 ...

November 07, 2007 | SpiderLabs Anterior

ModSecurity is a really powerful beast. It can do anything you want, at least ...

November 06, 2007 | SpiderLabs Anterior

As some of you may know, I am heading up the WASC Distributed Open Proxy ...

October 18, 2007 | SpiderLabs Anterior

I am very excited to announce that I will be instructing a live 2-day ...

September 13, 2007

ModSecurity 2.1.3 is the latest stable release of ModSecurity. The 2.1.3 ...

August 31, 2007 | SpiderLabs Anterior

NIST has released a new guide on securing Web Services. It is a pretty good ...

August 27, 2007 | SpiderLabs Anterior

Virtual Patching is a policy for a web application firewall (in this case ...

August 27, 2007 | SpiderLabs Anterior

Today I released ModSecurity 2.1.2. This is the latest stable release of ...

July 28, 2007 | SpiderLabs Anterior

In many ways vulnerability remediation is like a Track and Field race and the ...

June 29, 2007 | SpiderLabs Anterior

Michael Renzmann wrote to the ModSecurity mailing list recently announcing ...

June 28, 2007 | SpiderLabs Anterior

Last week I released the second ModSecurity development release, 2.5.0-dev2, in ...

June 27, 2007 | SpiderLabs Anterior

A very interesting research paper titled "Apache Prefork MPM Vulnerabilities" ...

June 27, 2007

As many of you have noticed, the Core Rule Set contains very complex regular ...

June 22, 2007 | SpiderLabs Anterior

In a previous Blog entry, I outlined a number of steps that you could take to ...

June 15, 2007 | SpiderLabs Anterior

On June 12th, 2007, the CA/Browser Forum (a group that consists of leading ...

June 13, 2007 | SpiderLabs Anterior

The Universal PDF XSS vulnerability was a tipping point for most people ...

May 23, 2007 | SpiderLabs Anterior

You have probably heard it by now, but US-CERT released a Vulnerability Note ...