Category

Different attack types

Category

Introduction to GraphQL Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with built-in query language to access object-oriented data. It’s based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL. These differences between traditional REST APIs and GraphQL ones can create challenges for security. Legacy web application…

One of the services Wallarm offers today are Pentest Audits. Our team has met a new challenging task at a recent project: penetration test & usage for Apache Solr V4.10.4. We want to use this blog to describe the way we have identified vulnerability & managed to execute commands with root privileges. Hope that it will help DevOps teams & sysadmins with Apache Solr deployment & to protect their data. While working on a new…

When it comes to XXE issues, hackers have multiple ways to take advantage of WAF configurations. We are going to show you four ways hackers trick WAFs, sneaking XXE issues past their defenses. 4 hacker XXE methods for bypassing WAFs: Extra document spacesInvalid formatExotic encodingsOne doc: two types of encoding Once you understand the issue, you should be able to restore the fire to your defenses. We will show you how. A little background on XXE…

What do you do if you need to protect your website from XSS attacks? Most people patch it and get a WAF. This is common knowledge and there are plenty of places where you could go to get basic protection for your websites. From a free solution to solutions costing hundreds of thousands of dollars, most of them will claim they protect from OWASP Top 10 threats. So is there a real difference between WAFs?…