No you can’t ‘WAF patch’ curl vulns CVE-2023-38545 and CVE-2023-38546

Conditions for today’s curl CVE releases (CVE-2023-38545, CVE-2023-38546) and why you’ve got to say ‘NO’ to WAF patching them. For the good of all mankind.

What can you do with Web3 anyway?

Some ‘Web 3.0’ developments that may be of interest to hackers.

Filecoin and Arweave vs. copyright enforcers

Contemporary decentralized file storage seems like an unrealized threat to copyright enforcers and brand-protectors.

2021 OWASP Global AppSec talk on open source for anti-bot

Information on my 2021 OWASP Global AppSec US talk ‘How to Thwart Malicious Automation and Kick Bot Butt for $0’.

Towards a general anti-automation and botting program

Despite what vendors will tell you, defending against malicious automation and ‘bots’ takes a multi-pronged approach.