Tag Archives: Web Application Firewall

Shadowd – The Shadow Daemon Web Application Firewall

Shadowd (Shadow Daemon) is a collection of tools to detect, record and prevent attacks on web applications. Shadow Daemon is a web application firewall

NAXSI – Low Rules Maintenance WAF for NGINX

NAXSI means Nginx Anti XSS & SQL Injection. Technically, it is a third party nginx module, available as a package for many UNIX-like platforms.

bypass-firewalls-by-DNS-history – Tool to Bypass Firewalls

bypass-firewalls-by-DNS-history is a bash script (ab)uses DNS history records. This script will search for old DNS A records and check if the server..

Wafpass – Analyzing WAF Bypass Methods

WAFPASS is a tool to analyze parameters with all payloads' bypass methods, aiming at benchmark security solutions like WAF.

Naxsi Web Application Firewall module for Nginx

Nginx is getting more and more used by popular website, if we look at netcraft 9.63% of internet are today using nginx based webserver, this including huge websites such as Rambler, wordpress.com ,Sourceforge.net and vkontakte.ru. These website needs a big

Detecting & Bypassing Web Application Firewalls (part 2)

There is no single ideal system in the world, and this applies to Web application firewalls too (WAF’s). While the advantages and positive features far outweigh the negative in WAF’s, one major problem is there are only a few action

Detecting & Bypassing Web Application Firewalls (part 1)

When we hear the term firewall, most people think of the network filtering solution. But have you heard about the web application firewall (WAF)? Web applications have some serious vulnerabilities, and WAF provides a very important extra protection layer to