Category

Web Application Security

Last week we visited the first NGINX User Summit and were lucky to give a lightning talk about Wallarm there. The event took place at Dogpatch Studios in San Francisco and gathered about a hundred people. It started with a crash course on NGINX fundamentals and continued with an overview of NGINX history and future roadmap by Igor Sysoev, six lightning talks from other participants and Yichun Zhang talking about his experience developing and profiling…

Time is one of the key parameters in a pentester’s work. It can either interfere with security analysis efforts by reminding you about the deadline and an eager client, or help you out when performing an audit. How? Take for example the database data extraction technique based on measuring server reply times that’s used in blind SQL injections. However, this approach isn’t limited to database operations. It can also be applied when working with file…