Apache Struts 2 Double OGNL Evaluation Vulnerability (CVE-2020-17530)
A vulnerability (CVE-2020-17530) discovered last year in the Object Graph Navigation Language (OGNL) evaluation function of Apache Struts versions
It was almost 10 years ago that Marc Andreessen wrote that software is eating the world. It is still true today, but I would be even more specific
HTTP Request Smuggling (HRS) is a web application vulnerability that enables an attacker to craft a single request that hides a second request within
A vulnerability recently disclosed by Wordfence and published as CVE-2020-7047 and CVE-2020-7048 allows an attacker to take over vulnerable
Web applications and REST APIs can be susceptible to a certain class of vulnerabilities that can’t be detected by a traditional HTTP
Earlier this year the Qualys Web Application Scanning team discovered and reported an open redirect vulnerability (CVE-2019-11016) in Elgg, an open
We are pleased to announce that the Qualys WAS Jenkins plugin v2 is now available. This version of the plugin introduces new features to facilitate
NTLM authentication is the de facto standard in corporate networks running Windows. There are a plethora of well-understood local
In recent years, a number of security-oriented client-side controls for web browsers have appeared on the scene in the form of security