Web Development

by @Andrey Danau, Wallarm Research

If you are like many app developers, you may be using an nginx or Apache proxy or a web server on the front end of your application. If you are on a tight schedule, it is tempting to tie authorization and data controls simply to the locations defined in the front end. Here lies a pitfall — due to a different treatment of the location path by the Java-based back-end and the front-end.…

“The light is on in their window. They must be home.” This is a classic example of a side information channel. They didn’t TELL you they were home. But the side effect of them being home in the evening is the light in the window — which is how you’re pretty sure they are home even though this information wasn’t communicated to you.

Another example that is a bit closer to cryptography concerns why…

by Ivan Novikov

Article re-posted from https://medium.com/@d0znpp/top-5-stupid-security-mistakes-in-web-apps-2f26f52ebfaa

In this blog entry, I will summarize some commonly overlooked issues which have been affecting many web projects for the last 5 years. All of them are obvious and super predictable and could be used by script kiddies as well as by fully automated scanners and internal security checks. Let’s go!

Apache to Nginx migration configuration files disclosure. Just don’t…

Wallarm is a pioneer security vendor in the NGINX Certified Module program and provides trusted and verified security functionality to NGINX Plus customers. As long-time friends and technology partners of NGINX, Wallarm has worked hard in collaborating with the NGINX team to make sure our solutions work well and perform at the speed of the load balancer. [See our earlier guide on securing web applications with Wallarm and NGINX.] With the new Certified Module program, customers…