The old mentality of building a moat around important assets and trusting anyone or anything that is already inside the castle perimeter has failed us. Attackers have developed many techniques to jump the moat and scale the castle walls to get at what they want. Thus, the new rallying cry is to implement Zero Trust–the notion that no entity – human or machine, inside or outside the perimeter – should be trusted unconditionally until authenticated,…
What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they are deprecated…
HTTP/2 become the standard defacto for the modern web and causes new application security risks. The HTTP2 request smuggling is…
Welcome to our weekly exploit digest! We should say this hasn’t been a big week because guys keep producing exploits…
Welcome to the Wallarm weekly web exploits digest! Since this week, we will publish our weekly digests consists of web…
The recent critical security issue in VMware vCenter was discovered this January and fixed on February 23rd https://www.vmware.com/security/advisories/VMSA-2021-0002.html. The exploit looks like…
Grammarly is the unicorn company that announced its open bug bounty program last September. Since that time, many security researchers…
Most of the Wallarm e-commerce customers are running WAF protection with Brute-Force attacks protection functionality
The risks involved with the operatorAliases option in Sequelize, the popular library for DBMSs
Consul is a software first released in 2014 for DNS-based service discovery. It provides distributed key-value storage, segmentation, and configuration.…
New critical Apache Unomi exploit was released yesterday. As an official press release says: “Apache Unomi is the industry’s first…
