SpiderLabs Blog

January 04, 2011 | Ryan Barnett

The just released CRS v2.1.0 includes Credit Card Tracking rules. These will ...

January 03, 2011 | SpiderLabs Anterior

SpiderLabs is the advanced security team at Trustwave with a focus on ...

January 03, 2011 | SpiderLabs Anterior

I am pleased to announce that industry veteran Tom Brennan has joined the ...

December 29, 2010

On the morning of Dec. 25, yet another anti-security eZine was published, its ...

December 29, 2010 | Ryan Barnett

I am pleased to announce the release of the OWASP ModSecurity Core Rule Set ...

December 21, 2010 | Ryan Barnett

Updated - the latest OWASP ModSecurity CRS release has a rules file to handle ...

December 16, 2010

ModSecurity Demonstration Projects We have a number of different ModSecurity ...

December 13, 2010 | nosteve

Man-in-the-middle attacks are old. Really, really old. Maybe even as old as ...

December 11, 2010 | Josh Grunzweig

The SpiderLabs team published two new advisories today. The first, ...

December 08, 2010 | SpiderLabs Anterior

I am very pleased to be able to announce on this blog that the SpiderLabs team ...

November 18, 2010 | SpiderLabs Anterior

Greetings everyone,

November 18, 2010 | SpiderLabs Anterior

In the latest SVN trunk version of the CRS (2.0.9), we have implemented the ...

November 16, 2010

Data should be encrypted at rest and in motion. In this post, I'll discuss ...

November 05, 2010 | SpiderLabs Anterior

A release candidate of 2.5.13 ModSecurity into the svn repository (branch ...

November 03, 2010 | SpiderLabs Anterior

This week's installment of Detecting Malice with ModSecurity will discuss the ...

October 27, 2010 | SpiderLabs Anterior

I would like to introduce a new blog series entitled - Detecting Malice with ...

October 22, 2010 | SpiderLabs Anterior

We are proud to announce the new release 2.5.13 is under development and will ...

October 21, 2010

As a result of the acquisition of Breach Security (and thus ModSecurity) by ...

October 21, 2010

Request Header Tagging

October 13, 2010 | SpiderLabs Anterior

I am excited to announce that Breno Silva has joined Trustwave's SpiderLabs ...

October 06, 2010 | SpiderLabs Anterior

Many reports have indicated that malicious PDFs that exploit flaws in Adobe's ...

September 28, 2010

Introduction In last week's post on Identifying Improper Output Handling, we ...

September 21, 2010

A Topic Presents Itself

September 14, 2010 | Brian Holyfield

An automated script for performing Padding Oracle attacks.

September 14, 2010 | SpiderLabs Anterior

This week's topic discusses how to validate application SessionIDs submitted by ...

September 09, 2010 | SpiderLabs Anterior

The Web Hacking Incident Database (WHID) is a project dedicated to maintaining ...

September 07, 2010 | SpiderLabs Anterior

This week's feature is the effective use of Real-time Blacklist lookups (@rbl).

September 01, 2010 | SpiderLabs Anterior

This week's feature is the effective use of Transformation functions.