Sandbox for HoneyPot
I monitor bots activity for a while and often see such behavior:[SUCCESS] Robot comes...
Hello! We have 0 resources for you...
ModSecurity rules verification
ModSecurity is open-source WAF. It protects web applications with libinjection and regular expressions. The first...
How to turn any website into Wordpress/Drupal honeypot
When new exploit to popular CMS's vulnerability appears, same day someone will send it all...
Part 2. libinjection: different databases fuzzing
It is sequel of previous article, where I was fuzzing MariaDB 10.2.5, trying...
libinjection: fuzz to bypass
libinjection is a library that parses parameter value to SQL elements (tokens) and check if...
Showcase: Struts2 vulnerability evolution
Apache Struts 2 is used as framework for Java EE applications development. During time there...
Showcase: DOM-based XSS
Cross-Site Scripting (XSS) vulnerabilities are divided into three types: Reflected: when payload is injected from...
Review: wtt OWASP CRS 3.0 bypass
A while ago I had to make comparison of different Web Application Firewalls based on...
Review: WAFNinja
WAFNinja was presented by Khalil Bijjou at OWASP Stammtisch Frankfurt 2015 and PHDays 2016. This...