Category

Cloud Security

Category

We all know how it’s convenient to use tools like Sentry or Datadogs for JavaScript events monitoring. It allows to catch errors in real-time, organize and manage issues resolution process, and genuinely shift left operations to developers. But Wallarm security experts warn of dangerous patterns to use such tools integrated into UI since it can cause private data-stealing from authenticated users in an almost invisible way. This article will explain how it could happen and…

HTTP/2 become the standard defacto for the modern web and causes new application security risks. The HTTP2 request smuggling is one of a few HTTP/2 vulnerabilities with the high severity that raised last year. In this post, we will describe it in detail and suggest an open-source tool http2smugl that detects such kinds of vulnerabilities. HTTP/2 is the thing that already took an Internet. According to the Wikipedia: “The standardization effort was supported by Chrome,…

On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues. He submitted the bug to the Cloudflare security team through their bug bounty program. This security issue took Cloudflare a week to fix and was completed on July the 24th. Emil was awarded with a $1’000 bounty, and on August 15th, the company accepted this bug for public disclosure. Here we go. The nature and…

An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new Wallarm Cloud WAF deployment for Wallarm Cloud-Native Security Platform. Get your application protection up and running in 15 minutes, without any installation at all. You can now gain protection across a full portfolio of your applications, APIs, and serverless workloads without any agent installation at all. Typically Wallarm customers install Wallarm nodes as Kubernetes Ingress…