Application Security Testing Archives

In Web Application Security

What is fuzz testing? What is it used to test for?

January 17, 2022 7 Mins Read

Fuzz testing, regularly known as fuzzing, is a product testing procedure that incorporates embedding flawed or arbitrary information (FUZZ) into a product framework to recognize coding issues and security issues. Fuzz testing involves infusing information into a framework utilizing robotized or semi-computerized procedures and investigating the framework for different exemptions, for example, framework crashes or implicit code disappointment. Brief History Fuzz testing was created at the University of Wisconsin Madison in 1989 by Professor Barton…

In API Security

Wallarm launches Cloud WAF with the best-in-class API protection

October 7, 2020 3 Mins Read

An easy to use Cloud WAF and API protection package We are thrilled to announce the launch of the new Wallarm Cloud WAF deployment for Wallarm Cloud-Native Security Platform. Get your application protection up and running in 15 minutes, without any installation at all. You can now gain protection across a full portfolio of your applications, APIs, and serverless workloads without any agent installation at all. Typically Wallarm customers install Wallarm nodes as Kubernetes Ingress…

In Compliance

Exploiting Oracle WebLogic by Remote Code Execution with a /console endpoint restricted

September 22, 2020 3 Mins Read

This article explains how to exploit Oracle WebLogic for remote code execution by using valid credentials. It’s useful during black-box security audits, pentests, and infrastructure audits, including automated vulnerability scanning. To set up an example playground, we will use the following docker container: docker run -p7001:7001 –name weblogic –rm vulhub/weblogic:12.2.1.3 Again, we need to have management rights & access to the administrator console (/console web endpoint) to cause remote code execution in Oracle WebLogic. In…

In DevOps

Protect your Helm chart bundled application with Wallarm WAF. 10-minutes configuration for continuous and enhanced security

July 24, 2020 10 Mins Read

Every application has its own specific goals, critical aspects, and needs. So, the logical conclusion would be that every app needs an in-depth manual configuration, right? Well, here at Wallarm, we’re security experts and developers from the real world, and we know that in many cases time, learning curve, and maintainability are crucial factors. That’s why we continuously try to make things as easy and straightforward they can be, and that’s why you can include…

In Compliance

Security Challenges in FinTech – Discussion with Vandana Verma, OWASP

June 4, 2020 8 Mins Read

In the digital era, financial institutions serve an increasing number of customers through web and mobile applications. Fintech maintains online security, and OWASP offers pieces of the puzzle to address the challenges. We CAN solve these challenges by leveraging the OWASP community knowledge base to secure the financial sector. On May 21st, 2020, I had the honor to dive into these challenges from multiple perspectives with my two guests, Vandana Verma and Victor Gartvich. We…

In Network Security

Testing ModSecurity for false positives by books texts

May 12, 2020 3 Mins Read

The main things that prevent enabling security solutions like WAF/RASP/IDS/IPS in a blocking mode are false positives. Probably the second one is their inline performance and additional latency, but still. As a cloud-native WAF vendor, we at Wallarm are actively checking our products for false positives to continuously deliver better detection quality for our customers. One of the ways to address false positives is to detect it early before the real customer will be blocked.…