Tag

JavaScript

Browsing

We have recently released a new version of Wallarm Node. After your next update window, you will see some new features your DevOps team is certain to like. Firstly, your monitoring and reporting got a lot livelier. Starting with this version in addition to JSON format metrics can be exported in Prometheus compatible format. As before with Collectd, information on the number of requests, number of attacks, number of blocked attacks and a variety of…

How to trick CSP in letting you run whatever you want By bo0om, Wallarm research Content Security Policy or CSP is a built-in browser technology which helps protect from attacks such as cross-site scripting (XSS). It lists and describes paths and sources, from which the browser can safely load resources. The resources may include images, frames, javascript and more. But what if we can give an example of successful XSS attacks when no unsafe resource origins…

by @bo0om, Wallarm Research Caching is a great technology practice. It makes life better for everybody — clients get the data faster, servers expend fewer resources and so on. There is even a whole CDN industry that was built to deliver caching as a service. There are many examples of caching configuration and tuning, but what I would like to talk about today are possible vulnerabilities in the caching techniques and methodology. Some environments are configured in…

In the beginning there was http 1 or 2, web pages were static and did not do much beyond displaying static text and images. Life has changed since… Web applications discovered that bi-directional communication between the browser and the web server is essential. Of course, http protocol, with it’s short lived client-initiated sessions, was not a good fit for this requirement. Before Websockets, a typical solution was to simulate server-push with long polling. This involved…