ModSecurity rules verification
ModSecurity is open-source WAF. It protects web applications with libinjection and regular expressions. The first one detects SQL-injections by tokenizing parameters value. Regular expressions cover
Part 2. libinjection: different databases fuzzing
It is sequel of previous article, where I was fuzzing MariaDB 10.2.5, trying to bypass libinjection library. This time the goal was to
libinjection: fuzz to bypass
libinjection is a library that parses parameter value to SQL elements (tokens) and check if tokens combination (fingerprint) is familiar to SQL-injection attack. This library
Review: wtt OWASP CRS 3.0 bypass
A while ago I had to make comparison of different Web Application Firewalls based on their security level protection. And as result made WAF Testing
Review: WAFNinja
WAFNinja was presented by Khalil Bijjou at OWASP Stammtisch Frankfurt 2015 and PHDays 2016. This tool is cli python script which allows to fuzz parameters
Review: WAF Testing Framework
WAF Testing Framework is developed by Imperva employees (Yaniv Azaria, Amichai Shulman) and was presented at OWASP AppSec USA in 2012. To work properly it
