Bypassing Imperva SecureSphere WAF (CVE-2023-50969)
Background: Imperva SecureSphere Web Application Firewall (WAF) is an on-premise security solution to inspect, monitor and block traffic to web applications.
The kind folks at Adobe have invited me back to speak at CF Summit East 2024 in Washington DC.
From: South of Shasta: Software Development, Web Design, Training
Ben Nadel explores the life-cycle of a custom magic in Alpine.js....
From: Ben Nadel
Technical details for CVE-2024-20767 (ColdFusion Arbitrary File System Read) from APSB24-14 have now been publicly disclosed by the researcher who reported it to Adobe PSIRT: https://jeva.
Ben Nadel demonstrates how to parse a time span back into days, hours, minutes, and seconds in ColdFusion....
From: Ben Nadel
Ben Nadel tries to build a calendar component in Alpine.js....
From: Ben Nadel
Ben Nadel demonstrates that an HTML template can be mutated just like any other DOM mutation in JavaScript....
From: Ben Nadel
Ben Nadel demonstrates that CSS enter animations give us 80% of the user experience value with only 20% of the work (if that)....
From: Ben Nadel
Last week's Adobe ColdFusion security update disabled searchImplicitScopes by default.
From: Pete Freitag's Homepage
Ben Nadel demonstrates how to read the collection of HTML attributes out of the DOM in JavaScript....
From: Ben Nadel
Last week, researchers at Sprocket Security wrote about post-exploitation in Lucee via malicious extensions.
Ben Nadel and the crew talk to Thelma Van about product design thinking....
From: Ben Nadel
Ben Nadel and the crew talk survey results that show a higher salary for developers who indent code with spaces....
From: Ben Nadel
Ben Nadel demonstrates how to add One-Click easy unsubscribe functionality for ColdFusion emails....
From: Ben Nadel
Ben Nadel identifies and fixes a comment subscription issue....
From: Ben Nadel
Ben Nadel uses the Angular.js expression parser to create a robust and CSP-compliant Alpine.js application....
From: Ben Nadel
Adobe has published a ColdFusion Security Hotfix APSB24-14 today which describes "a critical vulnerability that could lead to arbitrary file system read".
From: Pete Freitag's Homepage
This is a very important heads-up for my readers: there was an important security update released today by Adobe for ColdFusion 2023 (update 7) and 2021 (update 13).
Ben Nadel creates a recursive JSON data structuring rendering with Alpine.js 3.13.5....
From: Ben Nadel
Ben Nadel explores the use of Alpine.js to progressively enhance (AJAX'ify) part of a ColdFusion-rendered page....
From: Ben Nadel