ModSecurity for Apache 1.9 has been released!
November 10, 2005
Finally. I already wrote about many new features available in this release. ...
Draft from the Web Application Firewall Evaluation Criteria project
October 15, 2005
The web application firewall (WAF) market is a bit confusing at the moment ...
A few more features made it into ModSecurity 1.9
September 21, 2005 | SpiderLabs Anterior
A small number of new features made it into 1.9 at the very last minute. ...
Apache 2.1.7 beta released
September 13, 2005 | SpiderLabs Anterior
A new beta version of the Apache web server has been released. This release is ...
What's new in ModSecurity 1.9
September 08, 2005 | SpiderLabs Anterior
You may have noticed it's been a while since ModSecurity has had a major ...
Portable Web Application Firewall Rule Format News
August 23, 2005 | Trustwave SpiderLabs
As some of you may know, I've been working on the portable web application ...
Major updates to ModSecurity in 1.9dev3
August 19, 2005 | SpiderLabs Anterior
This version implements the final batch of major improvements to the 1.9.x ...
Improvements to the Servlet specification
August 08, 2005 | SpiderLabs Anterior
A while ago Greg Murray (the Servlet specification lead) asked for ideas for ...
Web Security Improvement Ideas
July 12, 2005 | SpiderLabs Anterior
I have been keeping a list of web security improvement ideas for some time now. ...
PHP chapter from Apache Security available for download
June 13, 2005 | SpiderLabs Anterior
I have made the PHP chapter from Apache Security available for free download. ...
More on impedance mismatch
June 10, 2005 | SpiderLabs Anterior
Recently there has been increased interest in the impedance mismatch problem, ...
The future of web application firewalls
June 07, 2005 | SpiderLabs Anterior
It always pays off to visit Richard Bejtlich's blog once in a while. (Or, even ...
External Web Application Protection: Impedance Mismatch
March 09, 2005 | SpiderLabs Anterior
Web application firewalls have a difficult job trying to make sense of data ...
Mod_security 1.8.7RC2 available
February 28, 2005 | SpiderLabs Anterior
Second release candidate for mod_security 1.8.7 is available for download. I ...
ModSecurity for Java Milestone 3 now available
January 05, 2005 | SpiderLabs Anterior
I have just released an updated version of ModSecurity for Java. This version ...
mod_security and the PHPBB worm (Santy.A)
December 22, 2004
I have been asked to design a mod_security rule to protect sites from the ...
Portable web firewall rule format
September 03, 2004 | Trustwave SpiderLabs
For some time now I've been working on a portable web firewall rule format as ...
WASC releases Threat Classification
July 29, 2004
They've been very quiet for a number of months and now you know what they have ...
AVDL becomes a standard
June 16, 2004
Application Vulnerability Description Language (AVDL) has been approved as an ...
Network Security Hack #93: mod_security
May 04, 2004
O'Reilly have a new book out: Network Security Hacks. It is a really good book ...
ModSecurity audit log to MySQL parser
April 15, 2004 | SpiderLabs Anterior
Dhillon A. K. has written a new article about mod_security. The article is ...
Chroot support significantly improved in v1.8
April 08, 2004
Last night I updated the code that provides the internal chroot functionality ...
Web Application Security Consortium Announced
February 26, 2004
A new organisation has just been announced: the Web Application Security ...
Paper on passive information gathering
February 11, 2004
TechicalInfo.Net is an excellent resource for Web Security information. Gunter ...
AVDL Committee Draft is out
February 07, 2004
This morning I got news of AVDL becoming a Committee Draft; you can get it ...
JIRA license for ModSecurity
February 04, 2004
I am very happy to announce that I've been granted a free JIRA license to use ...
Free Apache hardening utility
February 03, 2004
Syhunt, a security tool company from Brazil, have released a free Apache ...
New Apache module: mod_log_forensic
January 21, 2004
A new module has been added to the Apache CVS repository: mod_log_forensic. It ...