Tag: SQL Injection

In the latest version of Wallarm Node, we integrated a new attack detection engine that works in combination with the existing detection mechanisms. Libdetection is a unique open-source project (https://github.com/wallarm/libdetection) that provides signature-free payload detection by implementing syntax analysis and the basic theory of grammars. Libdetection uses a formal model for attack detection, which allows it to make a decision based on the type of attack. This approach allows us to implement the…

Introduction to GraphQL
Representational state transfer (REST) APIs are the most popular type of API. However, GraphQL is rapidly growing in popularity as a competitor to REST. GraphQL is a meta-layer with a built-in query language for accessing object-oriented data. It is based on JSON-encoded HTTP requests with custom queries inside. Unlike REST, there is no data inside the URL. These differences between traditional REST APIs and GraphQL APIs can create challenges for security. Legacy web application…

In a recent article published by Security Boulevard, we talked about OWASP Top 10 risk classification and overlap. In this post, we will examine tools that allegedly help address these risks. You may be at more risk than you have been led to believe. The following OWASP Risk Overlap diagram (based on the Security Boulevard article) will be used to illustrate different threat intelligence and detection mechanisms. The following color-coded visual aids help understand…

Understanding Your Monthly Security Reports
When we first start a conversation with our prospects, we are frequently asked, “Just how will I know that Wallarm is working?” To help answer that, let’s take a look at the report we sent to one of our customers last week to understand what kind of threats Wallarm defends against. Wallarm customers get this kind of detailed report weekly — just to keep track of the state of affairs. In addition, they…

Grab a moment and catch Wallarm CEO Ivan Novikov at SyScan 360, which is about to start in hot Singapore. His talk, “Key-value injections here!”, will be on the second day of the conference. This paper is a continuation of the memcached injections research presented at BlackHat USA 2014. The paper presents two main areas of research: input validation vulnerabilities in different key-value clients for popular platforms (C, Java, Lua, Node.js, PHP, Perl, Python and Ruby)…