How to turn any website into a WordPress/Drupal honeypot
When a new exploit for a vulnerability in a popular CMS appears, the same day someone will
Part 2. libinjection: different databases fuzzing
This is a sequel to the previous article, where I was fuzzing MariaDB 10.
libinjection: fuzz to bypass
libinjection is a library that parses a parameter value into SQL elements (tokens)
Showcase: Struts2 vulnerability evolution
Apache Struts 2 is used as a framework for Java EE application development.
Showcase: DOM-based XSS
Cross-Site Scripting (XSS) vulnerabilities are divided into three types: Reflected: when payload
Review: wtt OWASP CRS 3.0 bypass
A while ago I had to make a comparison of different Web Application
WAFNinja was presented by Khalil Bijjou at OWASP Stammtisch Frankfurt 2015 and
Review: WAF Testing Framework
WAF Testing Framework is developed by Imperva employees (Yaniv Azaria, Amichai Shulman)