Security Research & Defense

Information from Microsoft about vulnerabilities, mitigations and workarounds, active attacks, security research, tools and guidance

Browse by Tags

Related Posts
  • Blog Post: Introducing ModSecurity IIS 2.7.2 Stable Release

    We are pleased to announce the release of a stable version of the open source web application firewall module ModSecurity IIS 2.7.2 . Since the announcement of availability of the beta version in July 2012 , we have been working very hard to bring the quality of the module to meet the enterprise class...
  • Blog Post: Announcing the availability of ModSecurity extension for IIS

    Vulnerabilities in on-line services, like cross-site scripting, cross-site request forgery, or even information disclosure, are important areas of focus for the Microsoft Security Response Center (MSRC). Over the last few years Microsoft has developed a number of tools capable of mitigating selected...
  • Blog Post: Defending Websites from XSS attacks with ModSecurity 2.7.3 and OWASP Core Rule Set 2.2.7

    Even though cross-site scripting vulnerabilities have a 15-year history, they remain a big problem in the web security space. According to our research, there are hundreds of new issues discovered each month, and at least a few of them are being used in high-severity attacks. The general problem of...