Collaborate Disseminate
We all want to secure our applications. This task is becoming harder by the day as our applications constantly change multiple times per week, if not per day. According to Radware’s Web Application Security Report, 24% of the applications are ch… Continue reading Are Application Testing Tools Still Relevant with Self Learning WAFs?
If a website URL gets encoded then is the website still vulnerable to XSS or no?
For example, if I try <script>alert(1)</script> and the site URL encodes my payload to %3Cscript%3Ealert(1)%3C%2Fscript%3E does this mean the sit… Continue reading XSS with URL encoding
I was pentesting a website when I discovered that the URL included the id parameter. Because of this, I knew that the id parameter might be vulnerable to SQLi. I received a 200 response and found no sign that the injection wa… Continue reading Attempting SQLi against website with WAF filter [on hold]
More and more countries are modifying their policies with a new “driving license” model. With a classic license model, drivers can be caught frequently; they just have to pay a huge amount of money to the police each time. Since this model… Continue reading Access to Applications Based on a « Driving License » Model
Looking in the rearview mirror The application threat landscape has rapidly evolved. For years, users consumed applications over the internet using the common tool – web browsers. At every point in time, there were 2-5 web browsers to support, a… Continue reading WAFs Should Do A Lot More Against Current Threats Than Covering OWASP Top 10
I would like to know the difference between WAF and IPS/IDS?
Can IPS/IDS handle an attack on a web application?
If there are differences functionally between the two applications, how they work together when there is an att… Continue reading Comparison between WAF and IPS/IDS
Our Featured Member series is a way for us to show appreciation and highlight active contributors in our community. Communities thrive on interaction and our Featured Series gives you some insight on some of our most active folks. Rhazi Youssef has bee… Continue reading DevCentral’s Featured Member for July – Rhazi Youssef
Is there a tool to know if a website uses a firewall?
Continue reading How to determine if a website uses an internal WAF? [on hold]
In the previous blog posts in this series, we discussed the motivation for clustering attacks and the data used and how to calculate the distance between two attacks using different methods on each feature we extracted. In this final blog post, we̵… Continue reading Clustering App Attacks with Machine Learning Part 3: Algorithm Results
Say that a web application is behind a well configured WAF, is there still a window of HTTP injection related attacks like SQLi, XSS, LFI, HTMLi?
If so is a WAF considered a redundant defence measure?