Tag

Cloudflare

Browsing

On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation based on HTTP/2 request processing issues. He submitted the bug to the Cloudflare security team through their bug bounty program. This security issue took Cloudflare a week to fix and was completed on July the 24th. Emil was awarded with a $1’000 bounty, and on August 15th, the company accepted this bug for public disclosure. Here we go. The nature and…

What do you do if you need to protect your website from XSS attacks? Most people patch it and get a WAF. This is common knowledge and there are plenty of places where you could go to get basic protection for your websites. From a free solution to solutions costing hundreds of thousands of dollars, most of them will claim they protect from OWASP Top 10 threats. So is there a real difference between WAFs?…