Category: API Security

This is the largest vulnerability we have seen in years. You may still be vulnerable even if your project is not based on Java: many tech stacks are affected because so many tools use Log4j, including infrastructure, dev tools, and CI/CD products. Log4Shell will be here for a while. Log4j is a basic core component that is already in use in many products, including network devices, management consoles, and enterprise software and hardware. They just…

Wallarm has rolled out the update to detect and mitigate CVE-2021-44228. No additional actions are required from customers: attempts at exploitation are automatically blocked in blocking mode; when working in monitoring mode, consider creating a virtual patch. Log4Shell: a 0-day exploit in the Java core library log4j was discovered that results in Remote Code Execution (RCE) via a simple one-line exploit containing a JNDI URL. Given how ubiquitous this library is, the impact…

We all know how convenient it is to use tools like Sentry or Datadog for JavaScript event monitoring. They let you catch errors in real time, organize and manage the issue resolution process, and genuinely shift operations left to developers. But Wallarm security experts warn of dangerous patterns of using such tools when they are integrated into the UI, since they can lead to private data being stolen from authenticated users in an almost invisible way. This article will explain how it could happen and…

Shadow APIs can be defined as active endpoints that you are not aware of. Some APIs are deployed but never documented. Others are services that don’t have an owner anymore. Some are even old v2 versions that have been deprecated for years, yet still exposed. Long story short: these APIs are not documented and not in the API catalog. Yet, they pose a real threat as they can be vulnerable. What we see as a trend…

Attacks against known vulnerabilities are one of the most common security risks. Have you seen the updated OWASP Top 10? The risk that used to be A09 Using Components with Known Vulnerabilities is now titled A06:2021-Vulnerable and Outdated Components. This category moved up to #06 from #9 in 2017. We highlighted this in our OWASP Top 10 2021 proposal, which we published earlier this year. We all know: patch management is hard. For many reasons: backward…

Introduction: With online casinos becoming a staple alternative across nations like the United Kingdom, numerous sites are appearing out of nowhere, and not all of them are safe or secure. Many casino regulars choose to use comparison sites, as the UK casinos listed at trusted sites like Casimple.com are all independently checked to ensure they are fully licensed and fair. There is little doubt as to why the online betting environment is…