GraphQL Batching Attack

When an application's tech stack includes GraphQL, it gains a new attack surface: batched attacks on GraphQL APIs. How can these apps be protected? Read more to find out.

Recent discoveries reveal high-risk PHP vulnerabilities

Hundreds of millions of people using everyday platforms could be at risk. One of the most popular server-side web programming languages, Hypertext Preprocessor (PHP), was discovered to be at high risk for attacks. Patches for high-severity vulnerabilities have been released. Without a protective system like a smart WAF or a patch in place, those vulnerabilities...

Wallarm to Sponsor AppSec Cali

If you are a SecOps or DevOps professional on the West Coast, you cannot miss the premier California application security event: AppSec California, January 22–25th in Santa Monica. Here are testimonials from the previous AppSec Cali events: “I’m looking forward to AppSecCali next week. Last year was awesome. This year looks even better!” — @jeremiahg “I...

RCE in PHP or how to bypass disable_functions in PHP installations

Today we will explore an exciting method to remotely execute code even if an administrator has set disable_functions in the PHP configuration file. It works on most popular UNIX-like systems. CVE-2018-19518 was assigned to the vulnerability, which was found by a man with the nickname @crlf. Let’s look at the details of that vulnerability and how we can exploit...

“Fire Danger Rating” on “High” in Security Climate

November was a scary month in California. After four years of drought, the forests and towns in the northern part of the state exploded into wildfires, displacing thousands of residents and destroying millions of dollars of property. The foul air in San Francisco and the surrounding areas was a sordid reminder of the ordeal and...

Happy graduation, Envoy!

Envoy, the new darling of the DevOps community, performs the role of a service and edge proxy. With advanced features such as timeouts, rate limiting, circuit breaking, load balancing, retries, stats, logging, and distributed tracing, which are required to handle network failures in a fault-tolerant and reliable way, it’s a solid choice as an API...