What The Actual WAF!?

We need to kick out the solutions that are no longer functioning to give ample room for the advanced WAF solutions. Join us in this discussion.

RCE in PHP or how to bypass disable_functions in PHP installations

Today we will explore an exciting method to remotely execute code even if an administrator has set disable_functions in the PHP configuration file. It works on most popular UNIX-like systems. CVE-2018-19518 was assigned to the vulnerability, which was found by a researcher with the nickname @crlf. Let's see the details of that vulnerability and how we can exploit...

Wallarm New Open Source Module and Kaggle Hackathon

A key element of any security solution, whether it's a WAF, NGWAF, RASP or even a SIEM or a classic IDS, is the ability to correctly detect whether an incoming API request is malicious. The traditional way to do it is using signatures and regular expressions (regex). Some sets of signatures are open-sourced, such as...

Tools to address OWASP Top 10 Risks

In a recent article published by Security Boulevard, we talked about OWASP Top 10 Risk classification and overlap. In this post, we will examine tools that allegedly help address these risks. You may be at more risk than you've been led to believe. The following is an OWASP Risk Overlap diagram (based on the Security...

Drupalgeddon Two

New Drupal Vulnerability in Detail, by @aLLy. The second Drupalgeddon has come! It is a new variant of a critical vulnerability in one of the most popular CMSs, which caused a big stir. This newly discovered flaw allows any unregistered user to execute commands on the target system by means of a single request. The problem is further...

Exploring deserialization issues in Ruby projects

Ruby on Rails is a popular application platform that uses cookies to identify application sessions. The cookie consists of two parts: the cookie value and a signature. Whenever Rails receives a cookie, it verifies that the cookie has not been tampered with by checking that the hash/signature of the cookie value sent matches the signature sent. Demarshalling cookies to...