On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues. He submitted the bug to the Cloudflare security team through their bug bounty program. This security issue took Cloudflare a week to fix and was completed on July the 24th. Emil was awarded with a $1’000 bounty, and on August 15th, the company accepted this bug for public disclosure. Here we go. The nature and…
This year is full of extraordinary events and cybersecurity domains are not an exception. Massive WebSocket vulnerabilities are not so…
An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new…
In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-code/), we presented a wallarm/jwt-secrets GitHub repository with a 340 JSON Web Token secrets available publicly.…
This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It’s useful during black-box…
A lot of information about detected malicious requests is already available in the Wallarm console UI. However, the search functionality…
JSON Web Token (JWT) is the data format with bill-in signature and encryption mechanisms that are often used by modern…
The Wallarm WAF provides an organization with the ability to protect their applications and APIs against a wide range of…
In this series’ previous article, we added the AI-powered Wallarm WAF to our Helm chart bundled application as a sidecar…
Every application has its own specific goals, critical aspects, and needs. So, the logical conclusion would be that every app…
The king of container orchestration needs the best security companion: Wallarm WAF. When it comes to speed, portability, and the…
