Avoiding WAF with DirBuster
I am curious as to how bug hunters / pen testers use DirBuster and GoBuster without getting their IPs banned all the time (which is why I am asking)?
I was practising some labs to get better at XSS and SSRF. I found that sometimes I just encode characters once and the security filter is bypassed and occasionally I have to encode it two times.
How does the filter work in the backend? Ca… Continue reading Single and double Encoding of parameters to bypass security filters
Web interfaces are everywhere. From social media sites to online shopping portals to your CRM, the humble web interface is now used to access much of the online world. So, it isn’t difficult to see why web applications are a prime target for cybe… Continue reading A Web-Driven World Needs Better Web Security
Is there a way to bypass the input check to get RCE with the include function?
php wrappers can’t be used because allow_url_include is off
Also, open_basedir=/var/www/html/
function waf($s, $type) {
if($type == 0)… Continue reading How to achieve RCE with include?
The number and sophistication of attacks on enterprise networks, applications, and APIs has increased as intruders gain technical acumen and advanced tool kits. Many attackers are now able to maintain and sustain determined efforts to steal data and di… Continue reading Attack Analytics Now Include Actionable Insights
Here are 10 characteristics to look for when considering protection for data and applications in a service mesh architecture.
The post 10 Commandments for Securing Microservices appeared first on Radware Blog. Continue reading 10 Commandments for Securing Microservices
I am trying to pentest my friend’s site. It is clearly vulnerable to a SQL injection attack based on the error messages I get from entering different GET parameters.
Whenever I try very simple attacks containing SQL commands s… Continue reading Server returns 403 when I try SQL injection
Held every October, National Cybersecurity Awareness Month (NCSAM) is a collaborative effort between government and industry meant to raise awareness about the importance of cybersecurity. NCSAM is focused largely on consumer awareness, but for cyberse… Continue reading Celebrate Cybersecurity Awareness Month with These Tips From a Survey of 1,200 Security Pros
Businesses are looking to optimize and accelerate their SDLC in order to improve their operational efficiency and gain a competitive edge.
The post Agile Security Is Now A Reality appeared first on Radware Blog. Continue reading Agile Security Is Now A Reality
After login, servers can check authorization, tokens etc. at the API and WAF levels to mitigate DDoS attacks. But this can only happen after the user has logged in. How can we protect the login API from a DDoS attack? I guess we can use ip add… Continue reading How to protect Authentication API from a DDoS attacks?