Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: Diaries by Keyword Diaries by Keyword

Special Webcast: What you need to know about the crypt32.dll vulnerability. Register Now

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Date Author Title

WAF WEBAPPSEC BOTS SPIDERS CRAWLERS HTTP APACHE

2010-01-25William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

WAF

2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-01-12/a>William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?

WEBAPPSEC

2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

BOTS

2019-10-30/a>Xavier MertensKeep an Eye on Remote Access to Mailboxes
2019-08-08/a>Johannes Ullrich[Guest Diary] The good, the bad and the non-functional, or "how not to do an attack campaign"
2017-07-19/a>Xavier MertensBots Searching for Keys & Config Files
2016-12-31/a>Xavier MertensOngoing Scans Below the Radar
2010-11-18/a>Chris CarboniAll of your pages are belonging to us
2010-08-19/a>Daniel WesemannCasper the unfriendly ghost
2010-05-07/a>Johannes UllrichStock market "wipe out" may be due to computer error
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

SPIDERS

2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

CRAWLERS

2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

HTTP

2019-08-14/a>Brad DuncanRecent example of MedusaHTTP malware
2019-01-21/a>Didier StevensSuspicious GET Request: Do You Know What This Is?
2017-12-03/a>Xavier MertensStartSSL: Termination of Services is Now Scheduled
2017-08-18/a>Guy Bruneautshark 2.4 New Feature - Command Line Export Objects
2017-05-05/a>Xavier MertensHTTP Headers... the Achilles' heel of many applications
2016-07-18/a>Johannes UllrichHTTP Proxy Header Vulnerability ("httpoxy")
2016-07-05/a>Johannes UllrichApache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2016-06-15/a>Richard PorterWarp Speed Ahead, L7 Open Source Packet Generator: Warp17
2016-01-19/a>Rob VandenBrinkPowershell and HTTPS ? It Ain?t All Rainbows And Lollipops! (or is it?)
2015-06-23/a>Kevin ShorttXOR DDOS Mitigation and Analysis
2015-04-15/a>Johannes UllrichMS15-034: HTTP.sys (IIS) DoS And Possible Remote Code Execution. PATCH NOW
2014-04-07/a>Johannes UllrichAttack or Bad Link? Your Guess?
2013-12-11/a>Johannes UllrichBrowser Fingerprinting via SSL Client Hello Messages
2013-11-15/a>Johannes UllrichThe Security Impact of HTTP Caching Headers
2013-07-16/a>Johannes UllrichWhy don't we see more examples of web app attacks via POST?
2013-02-22/a>Chris MohanPHP 5.4.12 and PHP 5.3.22 released http://www.php.net/ChangeLog-5.php
2013-02-06/a>Johannes UllrichHTTP Range Header and Partial Downloads
2012-05-29/a>Johannes UllrichSpeeding up the Web and your IDS / Firewall
2012-02-08/a>Jim ClausingChrome to stop checking Certificate Revocation List (CRL)?
2011-07-13/a>Guy BruneauNew Sguil HTTPRY Agent
2011-07-10/a>Raul SilesSecurity Testing SSL/TLS (HTTPS) Implementations
2011-06-29/a>Johannes UllrichRandom SSL Tips and Tricks
2011-03-16/a>Johannes UllrichAnalyzing HTTP Packet Captures
2011-02-15/a>Jason LamHTTP headers fun
2010-07-30/a>Guy BruneauWeb Traffic Analysis with httpry
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"

APACHE

2018-06-06/a>Xavier MertensConverting PCAP Web Traffic to Apache Log
2016-07-05/a>Johannes UllrichApache Update: TLS Certificate Authentication Bypass with HTTP/2 (CVE-2016-4979)
2015-10-12/a>Guy BruneauCritical Vulnerability in Multiple Cisco Products - Apache Struts 2 Command Execution http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20131023-struts2
2014-07-28/a>Johannes UllrichInteresting HTTP User Agent "chroot-apach0day"
2014-03-17/a>Jim ClausingNew Apache web server release
2014-03-13/a>Daniel WesemannWeb server logs containing RS=^ ?
2013-11-27/a>Rob VandenBrinkApache 2.4.7 is released 11/25. Download: http://httpd.apache.org/download.cgi#apache24 and Readme: http://apache.mirror.iweb.ca//httpd/CHANGES_2.4.7
2013-04-30/a>Russ McReeApache binary backdoor adds malicious redirect to Blackhole
2012-02-22/a>Johannes UllrichApache 2.4 Features
2011-10-06/a>Rob VandenBrinkApache HTTP Server mod_proxy reverse proxy issue
2011-08-30/a>Johannes UllrichApache patch out for "byte range" DoS vulnerability http://www.apache.org/dist/httpd/Announcement2.2.html
2011-08-25/a>Kevin ShorttRevival of an Unpatched Apache HTTPD DoS
2010-04-13/a>Johannes UllrichApache.org Bugtracker Breach
2010-03-07/a>Mari NicholsApache releases version 2.2.15 with 5 security fixes including OpenSSL issue.
2010-01-25/a>William Salusky"Bots and Spiders and Crawlers, be gone!" - or - "New Open Source WebAppSec tools, Huzzah!"
2009-10-14/a>Johannes UllrichOdd Apache/MSIE issue with downloads from ISC
2009-08-28/a>Adrien de Beaupreapache.org compromised
2009-06-23/a>Bojan ZdrnjaSlowloris and Iranian DDoS attacks
2009-06-21/a>Bojan ZdrnjaApache HTTP DoS tool mitigation
2009-06-18/a>Bojan ZdrnjaApache HTTP DoS tool released
2009-04-07/a>Johannes UllrichCommon Apache Misconception
2009-01-12/a>William SaluskyWeb Application Firewalls (WAF) - Have you deployed WAF technology?
2008-10-09/a>Bojan ZdrnjaWatch that .htaccess file on your web site