Good examples - thx for the explanation; I like this series!
...and thanks for the comment! :-) Glad you enjoyed the video!!
This one kinda confuses me a lot. It looks like it can be described as "logical/flow issues". Need to take a closer look; atm this one is weird.
How do they know the other request from attackers is actually one?
So it's just a business logic error, right?
indeed
Thank you😄
Can we detect these with the help of any software or tool, maybe?
You bet. Any DAST or web app scanner searches for these out of the gates. We are partnered with several companies for importing scan data from these tools for our F5 Advanced Web Application Firewall. In this way, you get to understand the holes in your applications and then protect them appropriately while they get fixed. App development times can be lengthy, but WAF policy can be applied in minutes from a scan like that.
OWASP ZAP is definitely a big one, if not the biggest.