waf ModSecurity rules verification ModSecurity [https://www.modsecurity.org/] is an open-source WAF. It protects web applications with libinjection and regular expressions. The first one detects SQL injections by tokenizing parameters By Mikhail Golovanov 15 Oct 2018
libinjection Part 2. libinjection: different databases fuzzing It is the sequel to the previous article [https://waf.ninja/libinjection-fuzz-to-bypass/], where I was fuzzing MariaDB 10.2.5, trying to bypass the libinjection library. This time By Mikhail Golovanov 9 Oct 2017
libinjection libinjection: fuzz to bypass libinjection is a library that parses a parameter value into SQL elements (tokens) and checks whether the combination of tokens (fingerprint) matches a known SQL injection attack. This library By Mikhail Golovanov 24 Sep 2017
waf Review: wtt OWASP CRS 3.0 bypass A while ago I had to compare different Web Application Firewalls by the level of security protection they provide. As a result, I made WAF Testing By Mikhail Golovanov 17 Sep 2017
waf Review: WAFNinja WAFNinja was presented by Khalil Bijjou at OWASP Stammtisch Frankfurt 2015 and PHDays 2016. This tool is a CLI Python script that makes it possible to fuzz parameters By Mikhail Golovanov 16 Sep 2017
waf Review: WAF Testing Framework WAF Testing Framework was developed by Imperva employees (Yaniv Azaria, Amichai Shulman) and was presented at OWASP AppSec USA in 2012. To work properly it By Mikhail Golovanov 16 Sep 2017