waf ModSecurity rules verification ModSecurity [https://www.modsecurity.org/] is open-source WAF. It protects web applications with libinjection and regular expressions. The first one detects SQL-injections by tokenizing parameters By Mikhail Golovanov 15 Oct 2018
libinjection Part 2. libinjection: different databases fuzzing It is sequel of previous article [https://waf.ninja/libinjection-fuzz-to-bypass/], where I was fuzzing MariaDB 10.2.5, trying to bypass libinjection library. This time By Mikhail Golovanov 9 Oct 2017
libinjection libinjection: fuzz to bypass libinjection is a library that parses parameter value to SQL elements (tokens) and check if tokens combination (fingerprint) is familiar to SQL-injection attack. This library By Mikhail Golovanov 24 Sep 2017
waf Review: wtt OWASP CRS 3.0 bypass A while ago I had to make comparison of different Web Application Firewalls based on their security level protection. And as result made WAF Testing By Mikhail Golovanov 17 Sep 2017
waf Review: WAFNinja WAFNinja was presented by Khalil Bijjou at OWASP Stammtisch Frankfurt 2015 and PHDays 2016. This tool is cli python script which allows to fuzz parameters By Mikhail Golovanov 16 Sep 2017
waf Review: WAF Testing Framework WAF Testing Framework is developed by Imperva employees (Yaniv Azaria, Amichai Shulman) and was presented at OWASP AppSec USA in 2012. To work properly it By Mikhail Golovanov 16 Sep 2017
