Tag: Nginx

How to trick CSP in letting you run whatever you want

By bo0om, Wallarm Research

Content Security Policy (CSP) is a built-in browser technology that helps protect against attacks such as cross-site scripting (XSS). It lists and describes the paths and sources from which the browser can safely load resources. These resources may include images, frames, JavaScript and more. But what if we can give an example of successful XSS attacks when no unsafe resource origins…

By @Andrey Danau, Wallarm Research

If you are like many app developers, you may be using an nginx or Apache proxy or web server on the front end of your application. If you are on a tight schedule, it is tempting to tie authorization and data controls simply to the locations defined in the front end. Here lies a pitfall, due to the different treatment of the location path by the Java-based back end and the front end.…

By @aLLy, Wallarm Research

A very interesting vulnerability was discovered in nginx, one of the most popular web/proxy/load-balancing servers. This vulnerability leaks information about the application behind the nginx proxy. For example, a specially formed request can retrieve information on the internal structure of an application and/or its IP address. It turns out this issue has been around for all of ten years, and the vulnerability affects versions of nginx as early as 0.5.6…

Wallarm is proud to be a gold sponsor of NGINX 2017. nginx.conf is an annual conference for technical professionals who are passionate about delivering better application and web performance. The event takes place on September 6–8 at the Nines Luxury Hotel in Portland, OR. Join us at the conference, meet the Wallarm team and learn about implementing security for your NGINX deployments. Conference attendees will also get a chance to meet face-to-face and network with fellow…

Wallarm is a pioneer security vendor in the NGINX Certified Module program and provides trusted and verified security functionality to NGINX Plus customers. As long-time friends and technology partners of NGINX, Wallarm has worked hard in collaboration with the NGINX team to make sure our solutions work well and perform at the speed of the load balancer. [See our earlier guide on securing web applications with Wallarm and NGINX.] With the new Certified Module program, customers…