Tag: Owasp

GraphQL is an alternative to the REST concept that allows working with data in a more structured and object-oriented way. This technology is very well known and is used by many enterprise companies such as Facebook, Walmart and Intuit, among others. Whether you know it or not, GraphQL has a significant impact on your business. Many products you rely on, such as GitLab, New Relic, and WordPress, use GraphQL under the covers. In this series of articles,…

When it comes to XXE issues, hackers have multiple ways to take advantage of WAF configurations. We are going to show you four ways hackers trick WAFs, sneaking XXE issues past their defenses. The four hacker XXE methods for bypassing WAFs: extra document spaces; invalid format; exotic encodings; one doc, two types of encoding. Once you understand the issue, you should be able to restore the fire to your defenses. We will show you how. A…

If you are a SecOps or DevOps professional on the west coast, you cannot miss the premier California application security event: AppSec California, January 22–25th in Santa Monica. Here are testimonials from previous AppSec Cali events: “I’m looking forward to AppSecCali next week. Last year was awesome. This year looks even better!” — @jeremiahg “I think AppSecCali was one of the best conferences I have been to. Talks were good. Venue was awesome and atmosphere…

In a recent article published by Security Boulevard, we talked about OWASP Top 10 risk classification and overlap. In this post, we will examine tools that allegedly help address these risks. You may be at more risk than you’ve been led to believe. The following OWASP Risk Overlap diagram (based on the Security Boulevard article) will be used to illustrate different threat intelligence and detection mechanisms. The following color-coded visual aids help you understand…

The Journey to the New and Improved Ten Most Critical Web Application Security Risks

It was not too long ago that protecting your web server infrastructure consisted of simply placing the server(s) in their own zone behind the firewall and just opening a couple of ports. Outside of endpoint protection, that was pretty much the formula. That, however, was in a static HTML world. Today, thanks to the fruition of the web application and how it…