Franziska Buehler

How the CRS protects the vulnerable web application Pixi by OWASP DevSlop

How could the functionality of a WAF be better demonstrated than with a vulnerable web application? In this blog post I introduce Pixi, an intentionally vulnerable web application by the OWASP project DevSlop. I show its known vulnerabilities and examine how the CRS protects against these vulnerabilities. What is Pixi? Pixi is a deliberately vulnerable …

How the CRS protects the vulnerable web application Pixi by OWASP DevSlop Read More »

Disassembling SQLi Rules

Introduction I would like to explain my work disassembling highly optimized regular expressions. A project like this might discourage many people, but to me, it is very exciting work! I like this kind of investigative work and want to explain what, exactly, I did, why I did it and how! What's the problem? The SQLi …

Disassembling SQLi Rules Read More »