This article is written specifically for web developers who use a module. We will tell you how we got access to sensitive data on a staging server through Yii2 Gii Remote Code: first in the testing environment, and then in production. Spoiler: We have notified the module developer about the problem and it will be fixed soon. A temporary patch is available on GitHub. Gii is a module used to automatically generate code that…
In the previous article, we described the vulnerability discovered in the Yii2 Framework 2.0.35. In this piece, you’ll find out…
Introduction to GraphQL: Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing…
The main things that prevent enabling security solutions like WAF/RASP/IDS/IPS in a blocking mode are false positives. Probably the second…
One of the services Wallarm offers today is Pentest Audits. Our team faced a new and challenging task at a…
Since 1991, the Web Application Firewall, commonly referred to as WAF, has become one of the most common application security technologies…
Figma is a powerful tool for interface development and prototyping. We use it to design our products and to create…
Wallarm has always stood out from its competitors when it comes to supporting modern stacks. For a long time, Wallarm…
Last month, Wallarm Cybersecurity Strategist Kavya Pearlman interviewed cyberwarfare expert Chris Kubecka via a webinar session that was well…
In addition to the same risks that web applications are exposed to, APIs face a number of unique security risks and vulnerabilities. This blog provides an overview of the new OWASP API Top 10 risk project.