Our web honeypots picked up some increased scanning/exploit activity for the following file upload vulnerability in Open Flash Charts -
Since the number of applications that accept JSON input is growing, it is natural to expect that JSON will be also used to transport web application attacks payloads. This leads to the next logical question with regards to defense: Can your Web Application Firewall (WAF) understand JSON? These different web technologies are similar to verbal languages and WAFs need to be multi-lingual to correctly identify attacks and minimize false positives. It is for this reason that we have added JSON support to ModSecurity.
The ModSecurity Project team is pleased to announce the availability of v2.8.0. To see the full release notes or download the the source packages, see the ModSecurity GitHub project release tab:
Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) Extension vulnerability.
There were news stories this week outlining how attackers are abusing the XML-PRC "pingback" feature of WordPress blog sites to launch DDoS attacks on other sites. This blog post will provide some analysis on this attack and additional information for websites to protect themselves.
Submitted by Ziv Mador and Ryan Barnett
This blog post will summarize a recent talk that we (Ryan Barnett and Ziv Mador) gave at the RSA 2014 conference where we showed how tactics used by different cyber-criminal gangs could be used by defenders. You can also listen to this previous SpiderLabs Radio podcast where Karl Sigler interviewed us about our talk.
You may be familar with the Ouroboros symbol where a Serpent is eating its own tail. It symbolizes cyclicality and self-recreation and is applicable to the constant battles that security vendors/researchers have when facing bad guys. For our presentation, we used a modified version called "Dual Ouroboros" where you have two Serpents eating each other's tails.
This is the essence of the concept that we wanted to promote in our talk where we want to leverage the tactics and techniques used by one group of criminals and apply them defensively to help protect against a different criminal element.
This blog post will discuss a section from Recipe 8-5: Detecting Browser Fingerprint Changes During Sessionsin my book "Web Application Defender's Cookbook: Battling Hackers and Protecting Users".
Web client fingerprinting is a centerpiece of modern web fraud detection systems and goes way beyond simply capturing the User-Agent field submitted by clients within web transactions. For instance, common web client fingerprinting usually includes sending client executable code that queries the browser for various settings such as:
This blog post presents a powerful feature of ModSecurity v2.7 that has been highly under-utilized by most users: HMAC Token Protection. There was a previous blog post written that outlined some usage examples here, however we did not properly demonstrate the protection coverage gained by its usage. Specifically, by using the HMAC Token Protection capabilities of ModSecurity, you can reduce the attack surface of the following attacks/vulnerabilities: