unSafe.sh - Unsafe
What does Zero Trust mean for API security?
The old mentality of building a moat around important assets and trusting anyone or anything...
2021-05-08 00:20:38 | Views: 162
lab.wallarm.com
security
b2b
threats
perimeter
Wallarm API Discovery: Discover API endpoints automatically and secure them
What do you know about your APIs? Why are the vulnerable v2 and v3 still exposed if they...
2021-04-07 03:27:17 | Views: 170
lab.wallarm.com
wallarm
specs
swagger
cloud
http2smugl: HTTP2 request smuggling security testing tool
HTTP/2 has become the de facto standard for the modern web and causes new application security ris...
2021-04-05 03:47:35 | Views: 281
lab.wallarm.com
http2smugl
frontend
chunked
security
emil
Weekly exploit digest – March, 15-21 – VMware View Planner, Win32k ConsoleControl, Microsoft Windows Containers DP API
Welcome to our weekly exploit digest! We should say this hasn’t been a big week because guys...
2021-03-21 22:09:00 | Views: 149
lab.wallarm.com
windows
containers
machine
powershell
payload
Web vulnerabilities exploits weekly digest #1. March 8-15th 2021. VMware vCenter and Apache OFBiz RCE.
Welcome to the Wallarm weekly web exploits digest! Since this week, we will publish our weekl...
2021-03-17 03:22:00 | Views: 205
lab.wallarm.com
5type
php
attacker
remote
Why WAFs can’t catch VMware CVE-2021-21972 Remote Code Execution Exploit?
The recent critical security issue in VMware vCenter was discovered this January and fixed on...
2021-03-09 05:22:27 | Views: 199
lab.wallarm.com
ova
vcenter
wafs
payload
uploadova
Grammarly fixed XSS vulnerability that bypasses AWS WAF
Grammarly is the unicorn company that announced its open bug bounty program last September. S...
2021-03-04 04:54:16 | Views: 245
lab.wallarm.com
payload
grammarly
bypass
frans
Brute-Force or DirBuster attacks: how Wallarm WAF handles those effectively
E-commerce sites will always be a hot target for cyberattacks, they are treasure troves of pe...
2021-02-12 06:17:40 | Views: 275
lab.wallarm.com
wallarm
dirbuster
activation
passwords
security
Risks involved with operatorAliases in Sequelize
What Sequelize is, where and what for it is used. Sequelize is a Node.js ORM for Postgres,...
2021-01-23 00:22:20 | Views: 257
lab.wallarm.com
username
database
aliases
updatedat
createdat
Build OWASP Top-10 2021 based on fair statistics
Unofficial OWASP Top-10 2021 Proposal based on statistical data. Everybody knows the OWASP...
2021-01-20 21:17:22 | Views: 347
lab.wallarm.com
security
ssrf
bulletins
vulners
proposal
Consul by HashiCorp: from Infoleak to RCE
Consul is a software first released in 2014 for DNS-based service discovery. It provides dist...
2020-11-19 18:58:20 | Views: 331
lab.wallarm.com
consul
network
cloud
attackers
googleapis
WAF JSON decoding capability required to protect against API threats like CVE-2020-13942 Apache Unomi RCE
A new critical Apache Unomi exploit was released yesterday. As an official press release say...
2020-11-19 08:41:05 | Views: 333
lab.wallarm.com
u0065
pyn3rd
u0074
unomi
u0063
Libdetection
In the latest version of Wallarm Node, we integrated a new attack detection engine that will...
2020-10-19 22:18:24 | Views: 300
lab.wallarm.com
wallarm
commanding
library
positives
Libdetection: Introducing New Generation of Attacks Detection
In the latest version of Wallarm Node, we integrated a new attack detection engine that will...
2020-10-19 22:18:24 | Views: 233
lab.wallarm.com
wallarm
library
commanding
positives
Cloudflare fixed an HTTP/2 smuggling vulnerability
On July 14th, Emil Lerner found and explored new ways of HTTP desync/smuggling exploitation b...
2020-10-16 00:29:33 | Views: 323
lab.wallarm.com
upstream
cfsmugl
canal
unchanged
h2c
CVE-2020-24807: Preventing critical Socket.IO vulnerability
This year is full of extraordinary events and cybersecurity domains are not an exception. Mas...
2020-10-09 05:36:02 | Views: 344
lab.wallarm.com
wallarm
websockets
threats
ngwaf
burp
Wallarm launches Cloud WAF with the best-in-class API protection
An easy-to-use Cloud WAF and API protection package. We are thrilled to announce the launc...
2020-10-08 05:48:16 | Views: 244
lab.wallarm.com
wallarm
cloud
workloads
positives
announce
Meet JWT heartbreaker, a Burp extension that finds thousands weak secrets automatically
In the recent post (https://lab.wallarm.com/340-weak-jwt-secrets-you-should-check-in-your-cod...
2020-10-02 00:24:32 | Views: 268
lab.wallarm.com
github
wallarm
burp
usual
Exploiting Oracle WebLogic by Remote Code Execution with a /console endpoint restricted
This article explains how to exploit Oracle WebLogic for remote code execution by using valid...
2020-09-23 07:08:17 | Views: 260
lab.wallarm.com
weblogic
wls
7001
security
monitoring
Fetching Full-Text Alert Data with the Wallarm API
A lot of information about detected malicious requests is already available in the Wallarm co...
2020-09-16 06:16:00 | Views: 243
lab.wallarm.com
wallarm
client
rawhit
hits
python