Alibaba WAF version 3.0 was tested and very common payload was found bypassing command injection. While testing the capabilities of the firewall itself it was found that it was possible to bypass the rules. …

Hyperlink Injection it’s when attacker injecting a malicious link when sending an email invitation. HTML injection attack is injecting HTML code through the vulnerable parts of the website. The Malicious user sends HTML code through any vulnerable field with a purpose to change the website’s design or any information, that…

This blog is about setting the local Kubernetes cluster for learning & testing using multiple tools like Kind, Minikube, Kubeadm & K3s. KIND kind is a tool for running local Kubernetes clusters using Docker container “nodes”. …

1. Setting up Vulnerable Application For AWS WAF We will be setting custom DVWA for pentesting WAF. 1.1. We need to set up the ec2 instance where we will host DVWA. Let’s start by creating the instance by clicking “Launch Instances”.

Q. What is Core Rule Set & why it is utilized by all the cloud WAFs? A. …

Based on OWASP Top-10 Vulnerabilities. This time we are looking for secure coding bugs related to Injection Flaws 1) Path Traversal Attack Vulnerable Code Block def get_video(self, path=None): self.check_user_auth() data = None if not path: path = self.get_video_path() path = path[0] if path else None if…

Why you should not trust the cloud WAF? Introduction & Objective A web application firewall (WAF) or WAF appliance provides security by operating through an application or service thus blocking malicious calls, inputs, and outputs that do not meet the policy of a firewall. …

Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication. How does Amazon SNS work? It is very easy to get started with Amazon SNS. Developers must first create a “topic” which is an “access point” — identifying a specific…

This guide talks about setting up the Clair scanner and performs scans on vulnerable DVWA container. Also now it is possible to perform a hands-on demo on katacoda. You can run the demo on Katacoda. For running the demo visit https://www.katacoda.com/justmorpheus Setting up Clair server or using locally. CoreOs Clair https://github.com/coreos/clair Clair-scanner https://github.com/arminc/clair-scanner