Showing Posts From
September 2020
- 29 Sep 2020
Application-level Purple Teaming: A case study
An application-level purple teaming approach was demonstrated using a file-sharing web application. The methodology focused on improving logging, alerting, and potential response mechanisms by systematically identifying detection gaps across enumeration and injection attack categories. The project used tools like Elasticsearch, Logstash, Kibana, and ElastAlert to enhance application security detection capabilities.
-
Rob Russell - 7 Sep 2020
Securing AEM With Dispatcher
This article explores securing Adobe Experience Manager (AEM) using Dispatcher configuration. It demonstrates how to prevent security vulnerabilities by carefully configuring Dispatcher rules to block potential exploits. The walkthrough includes identifying and mitigating Dispatcher bypasses and cross-site scripting (XSS) attacks through systematic testing and rule refinement.
- Krzysztof Pranczk
- 2 Sep 2020
N1QL Injection: Kind of SQL Injection in a NoSQL Database
N1QL injection is a vulnerability in Couchbase NoSQL databases that allows attackers to manipulate database queries. An open-source tool called N1QLMap was developed to automate N1QL injection testing and exploitation. The tool enables data extraction, system information retrieval, and server-side request forgery (SSRF) attacks through specialized query techniques.