Grab a moment and catch Wallarm CEO Ivan Novikov at SyScan 360, which is about to start in hot Singapore. His talk, "Key-value injections here!", will be on the second day of the conference.

This paper is a continuation of the memcached injections research presented at BlackHat USA 2014.

The paper presents two main areas of research: input validation vulnerabilities in different key-value clients for popular platforms (c, java, lua, node.js, php, perl, python and ruby) and vulnerabilities inside their engines. Special attention is paid to the sandboxes inside services.

As a result, the author found a way to do something like “SQL Injection attacks”, but for key-value storages. In practice, such an attack leads to different effects, from authentication bypass to execution of arbitrary interpreter code. It is a real-world problem, found during security audits and present in various popular web applications.
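
The input validation problem on the client side can be seen in the memcached text protocol, where a key is limited to 250 bytes and must not contain whitespace or control characters. The following is an added example, not code from the talk or from any real client library: `naive_set`, `validate_key`, `safe_set` and `digest_key` are hypothetical names, and the sample key is constructed.

```python
import hashlib
import re

# memcached text protocol rule: key <= 250 bytes, no whitespace/control bytes.
MAX_KEY_LEN = 250
_BAD_BYTES = re.compile(rb"[\x00-\x20\x7f]")

# Constructed sample: user-controlled key carrying a CRLF sequence.
BAD_KEY = "session:abc\r\nINJECTED"


def naive_set(key: str, value: bytes) -> bytes:
    """Hypothetical unvalidated client: the key is copied into the frame as-is."""
    return b"set %s 0 0 %d\r\n%s\r\n" % (key.encode("utf-8"), len(value), value)


def validate_key(key: str) -> bytes:
    """Return the key as bytes, or raise ValueError if it would break framing."""
    raw = key.encode("utf-8")
    if not raw or len(raw) > MAX_KEY_LEN:
        raise ValueError("key length must be 1..250 bytes")
    if _BAD_BYTES.search(raw):
        raise ValueError("key contains whitespace or control bytes")
    return raw


def safe_set(key: str, value: bytes) -> bytes:
    """Same frame as naive_set, but only for keys that pass validate_key."""
    return b"set %s 0 0 %d\r\n%s\r\n" % (validate_key(key), len(value), value)


def digest_key(namespace: str, user_input: str) -> bytes:
    """Alternative: never place user input in the key, only its SHA-256 hex."""
    digest = hashlib.sha256(user_input.encode("utf-8")).hexdigest()
    return validate_key(f"{namespace}:{digest}")


if __name__ == "__main__":
    # A well-formed "set" frame has two CRLF-terminated lines; this one has three.
    print(naive_set(BAD_KEY, b"v").count(b"\r\n"))
    try:
        safe_set(BAD_KEY, b"v")
    except ValueError as exc:
        print("rejected:", exc)
    print(safe_set(digest_key("session", BAD_KEY).decode(), b"v"))
```
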
