Web applications across the digital world are teeming with vulnerabilities increasingly equipped to defeat security mechanisms. Among them are injection attacks. We are aware of the many injection vulnerabilities present in a web application, for example, SQL injection, HTML injection, CRLF injection, cross-site scripting and many others. This article will discuss CRLF injection vulnerability in detail for web application security.
Cybersecurity leaders and practitioners recently gathered at Hack the Port in Ft. Lauderdale, Florida to discuss the evolving threats to ports – a key sector within the nation’s critical infrastructure – and how to better protect them.
Kubectl is the default command-line tool for Kubernetes. It makes it easier to use the Kubernetes API and manipulate Kubernetes resources, allowing you to control Kubernetes clusters and run commands to deploy applications, manage cluster resources, and view logs. This guide will look at how best to integrate the most common and useful kubectl commands into your workflows, as well as provide some helpful tools for further optimization.
A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Oh come on, hard coded password? Really?
Last week, we announced the discovery of Spring4Shell — a remote code execution (RCE) vulnerability in older versions of the spring-beans package. In our blog post Spring4Shell: The zero-day RCE in the Spring Framework explained, we showed how an old Tomcat exploit for CVE-2010-1622 became relevant again. Due to the nature of the problem, we expected that additional payloads could be created beyond this known Tomcat exploit.
