How to turn any website into Wordpress/Drupal honeypot

When new exploit to popular CMS's vulnerability appears, same day someone will

Mikhail Golovanov in tools 4 months ago

Part 2. libinjection: different databases fuzzing

It is sequel of previous article, where I was fuzzing MariaDB 10.

Mikhail Golovanov in libinjection a year ago

libinjection: fuzz to bypass

libinjection is a library that parses parameter value to SQL elements (tokens)

Mikhail Golovanov in libinjection a year ago

Showcase: Struts2 vulnerability evolution

Apache Struts 2 is used as framework for Java EE applications development.

Mikhail Golovanov in rce a year ago

Showcase: DOM-based XSS

Cross-Site Scripting (XSS) vulnerabilities are divided into three types: Reflected: when payload

Mikhail Golovanov in xss a year ago

Review: wtt OWASP CRS 3.0 bypass

A while ago I had to make comparison of different Web Application

Mikhail Golovanov in waf a year ago

Review: WAFNinja

WAFNinja was presented by Khalil Bijjou at OWASP Stammtisch Frankfurt 2015 and

Mikhail Golovanov in waf a year ago

Review: WAF Testing Framework

WAF Testing Framework is developed by Imperva employees (Yaniv Azaria, Amichai Shulman)

Mikhail Golovanov in waf a year ago