Dark Reading

Popular WAFs Subverted by JSON Bypass

Web application firewalls (WAFs) from five major vendors are vulnerable to malicious requests that use the popular JavaScript Object Notation (JSON) to obfuscate database commands and escape detection ...
CSOonline

JSON-based SQL injection attacks trigger need to update web application firewalls

Security researchers have developed a generic technique for SQL injection that bypasses multiple web application firewalls (WAFs). At the core of the issue was WAF vendors failing to add support for ...
Dark Reading

JSON Config File Leaks Azure ActiveDirectory Credentials

A publicly accessible configuration file for ASP.NET Core applications has been leaking credentials for Azure ActiveDirectory (AD), potentially allowing cyberattackers to authenticate directly via ...