Grab a moment and catch Wallarm CEO Ivan Novikov at SyScan 360, which is about to start in hot Singapore. His talk on Key-value injections will be on the second day of the conference.
This paper is a continuation of the memcached injections research presented at BlackHat USA 2014.
The paper presents two main areas of research: input validation vulnerabilities in different key-value clients for popular platforms (C, Java, Lua, Node.js, PHP, Perl, Python and Ruby) and vulnerabilities inside their engines. Special attention is paid to the sandboxes inside services.
As a result, the author found a way to perform something like “SQL injection attacks”, but for key-value storages. In practice, such an attack leads to effects ranging from authentication bypass to execution of arbitrary interpreter code. It is a real-world problem found during security audits and present in various popular web applications.
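The input validation gap described above, shown for the memcached text protocol as an added example that is not code from the talk or from any client library. The function names and sample keys are hypothetical and constructed here; the key rules (at most 250 bytes, no control characters or whitespace) come from the memcached protocol description.

```python
import re

# memcached text protocol: a key is at most 250 bytes and must not
# contain control characters or whitespace.
MAX_KEY_BYTES = 250
_FORBIDDEN = re.compile(rb"[\x00-\x20\x7f]")


class InvalidKey(ValueError):
    """Raised when a key cannot be placed on a protocol line as-is."""


def naive_get(key: str) -> bytes:
    """Frames a request the way a client without key validation would."""
    return b"get " + key.encode("utf-8") + b"\r\n"


def validate_key(key: str) -> bytes:
    """Returns the encoded key, or raises InvalidKey if it breaks the rules."""
    raw = key.encode("utf-8")
    if not raw:
        raise InvalidKey("empty key")
    if len(raw) > MAX_KEY_BYTES:
        raise InvalidKey("key longer than 250 bytes")
    if _FORBIDDEN.search(raw):
        raise InvalidKey("control character or whitespace in key")
    return raw


def safe_get(key: str) -> bytes:
    """Frames the same request, but only from a validated key."""
    return b"get " + validate_key(key) + b"\r\n"


def command_lines(request: bytes) -> list:
    """Counts what a line-oriented server would see: one command per line."""
    return [line for line in request.split(b"\r\n") if line]


# Constructed inputs: an ordinary key and one that carries a line break.
ORDINARY = "session:42"
WITH_LINE_BREAK = "session:42\r\nget session:1"

if __name__ == "__main__":
    print(command_lines(naive_get(ORDINARY)))         # one command
    print(command_lines(naive_get(WITH_LINE_BREAK)))  # two commands
    for k in (ORDINARY, WITH_LINE_BREAK):
        try:
            print(safe_get(k))
        except InvalidKey as exc:
            print("rejected:", exc)
```

Validation belongs at the point where the key is framed, so that every caller of the client gets it regardless of where the key value came from.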