Tag: Owasp

GraphQL is an alternative to the REST concept that allows working with data in a more structured and object-oriented way. This technology is very well known and is used by many enterprise companies such as Facebook, Walmart, and Intuit, among others. Whether you know it or not, GraphQL has a significant impact on your business. Many products you rely on, such as GitLab, New Relic, and WordPress, use GraphQL under the covers. In this series of articles,…

When it comes to XXE issues, hackers have multiple ways to take advantage of WAF configurations. We are going to show you four ways hackers trick WAFs, sneaking XXE issues past their defenses. The four hacker XXE methods for bypassing WAFs are: extra document spaces; invalid format; exotic encodings; one doc: two types of encoding. Once you understand the issue, you should be able to restore the fire to your defenses. We will show you how. A little background on XXE…

If you are a SecOps or DevOps professional on the west coast, you cannot miss the premier California application security event: AppSec California, January 22–25th in Santa Monica. Here are testimonials from the previous AppSec Cali events: “I’m looking forward to AppSecCali next week. Last year was awesome. This year looks even better!” — @jeremiahg “I think AppSecCali was one of the best conferences I have been to. Talks were good. Venue was awesome and atmosphere…

In a recent article published by Security Boulevard, we talked about OWASP Top 10 risk classification and overlap. In this post, we will examine tools that allegedly help address these risks. You may be at more risk than you’ve been led to believe. The following OWASP Risk Overlap diagram (based on the Security Boulevard article) will be used to illustrate different threat intelligence and detection mechanisms. The following color-coded visual aids help understand…