Tweets


  1. Retweeted
    23 Jul 2019

    Download DZone’s 2019 Trend Report to read about the future of secure programming, experience how companies have overcome the dangers of digital transformation, and learn why shifting left isn’t enough.

  2. Retweeted
    7 hours ago

    If you are running multiple apps in multiple cloud environments this short video might help to understand how Wallarm can handle that: As always you can start a free trial at

  3. Retweeted
    Sep 8

    So CVE-2020-1523 and CVE-2020-1440 are actually powerful SSRF bugs and not just result in "tampering". Likewise CVE-2020-16875 is certainly NOT a memory corruption and I have a full working RCE exploit.

  5. Retweeted
    Sep 8

    Clipboard API for browsers is inconsistent

  6. Retweeted
    Sep 8

    Just published confirmed tech specs of Flipper Zero (Please check for errors) There are still many missing specs for U2F, USB, etc. Will update it while developing.

  7. Retweeted
    Sep 6

    Bypassing HTML sanitizers via prototype pollution (Sanitizers covered are: DOMPurify, sanitize-html, Closure and xss) : credits

  8. Retweeted
    Sep 6

    unimap: reduce scan times with Nmap for large amounts of data

  9. Retweeted
    Sep 5

    {"id":111} --> 401 Unauthorized
    {"id":{"id":111}} --> 200 OK

    POST /api/get_profile
    Content-Type: application/json

    {"user_id":<attacker_id>,"user_id":<victim's_id>}

    GET /api_v1/messages?user_id=VICTIM_ID --> 401
    GET /api_v1/messages?user_id=attack&user_id=VICTIM --> 200 OK

  10. Retweeted
    Sep 4

    If you are in the financial space and still have not signed up for our webinar next week, it's time to do that. We will discuss the most important threats in the financial space we see today and how to deal with them:

  11. Retweeted

    AWS uses a default security group of 0.0.0.0 when launching EC2 and RDS instances, resulting in hosts and DBs available to the world, by DEFAULT. Do you think this is a USER problem or a Provider problem?

  12. Retweeted
    Sep 2

    Feels good to find a critical XXE on a program in one hour. ☺️ If you haven't heard about local DTDs in XXE yet, check it out here: Another cool trick with error-based XXE is to access a file starting with colon (:) to trigger a "no protocol" error.

  13. Retweeted
    Sep 2

    The biggest weak JWT secrets dictionary available publicly

  14. Retweeted
    Sep 2

    Fantastic insights from by on capital options and their recommended minimum ARR

  15. Sep 2

    The biggest weak JWT secrets dictionary available publicly

  16. Retweeted
    Sep 2

    One of the immensely popular types of attacks in recent times that we see is brute force attacks on APIs. Wallarm helps to deal with that, and you can see how to configure that in this short video below. You can always start a trial

  18. Retweeted
    Aug 28

    If you did attend our webinar yesterday but would like to learn about Modern Cloud security solutions from Frank Kim feel free to download the deck or watch the recording.

  19. Retweeted
    Aug 26

    THAT was not easy. But we did it.

  20. Retweeted
    Aug 25

    If the entire URL is reflected unfiltered in href value, split the payload in different parameters to bypass the WAF
