Category

Web Application Security

In our modern world, web applications are becoming ever more important. Bad actors know this and they target them more frequently than ever before. This is not likely to stop any time soon as the number of web applications the world needs will only go up with its reliance on technology. To fully prevent an attack is impossible but we need to try our hardest to do so and in our daily struggles in this…

We are proud to announce that Wallarm NG WAF was ranked as a “High performer” by G2 in the Web Application Firewall category. This award from the G2 platform confirms that our solution is highly rated by current verified Wallarm WAF users, who left unbiased reviews and answers to WAF-related questions featured in the G2 review form. To be included in the Web Application Firewalls (WAF) category for G2 reports a product must: Inspect traffic…

The old mentality of building a moat around important assets and trusting anyone or anything that is already inside the castle perimeter has failed us. Attackers have developed many techniques to jump the moat and scale the castle walls to get at what they want. Thus, the new rallying cry is to implement Zero Trust – the notion that no entity – human or machine, inside or outside the perimeter – should be trusted unconditionally until authenticated,…

What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they have been deprecated for almost a year? What else is exposed that you don’t even know about? Are Swagger specs up to date? (Teaser: Surely not). A lot of questions, right? Meet Wallarm’s latest feature for API Discovery and Observability to better understand and protect your APIs in cloud-native environments. What is Wallarm API Discovery? Wallarm API Discovery identifies…

HTTP/2 has become the de facto standard for the modern web and brings new application security risks. HTTP/2 request smuggling is one of a few high-severity HTTP/2 vulnerabilities that surfaced last year. In this post, we will describe it in detail and suggest an open-source tool, http2smugl, that detects this kind of vulnerability. HTTP/2 has already taken over the Internet. According to Wikipedia: “The standardization effort was supported by Chrome,…

Welcome to our weekly exploit digest! We should say this hasn’t been a big week because guys keep producing exploits for the vulnerabilities discovered in the 1st half of March. Nevertheless, we have some new good arrivals for VMware, MS Windows and Win32 to talk about. New 4+ scored exploits have arrived for 7 software titles: VMware View Planner (v4.6), Win32k ConsoleControl, Microsoft Exchange 2019, Microsoft Windows Containers DP API, SonLogger (v4.2.3.3), LiveZilla Server (v8.0.1.0), CuteNews (v2.1.2). Here are the types…