October 2019 - What's New in Web Performance?
Today, Akamai announced the October 2019 Release, which introduces new capabilities to the Performance product line with a focus on helping customers deliver superior experiences with the power of the Edge. Here are some highlights from the release with additional detail below. EdgeWorkers enable...
Faster JWT Key Rotation in API Gateway
JSON Web Tokens (JWT) use digital signatures to establish the authenticity of the data they contain, as well as authenticating the identity of the signer. A valid signature check ensures that any party can rely on the contents and the...
CVE-2019-15630
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...
Directory traversal
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow...
CVE-2019-15630
CVE-2019-15630 describes a directory traversal vulnerability affecting MuleSoft products: APIkit, HTTP connector, and OAuth2 Provider components in Mule Runtime 3.x/4.x and all MuleSoft API Gateway versions released before August 1, 2019. The issue permits remote attackers to read files accessibl...
IPRotate - Extension For Burp Suite Which Uses AWS API Gateway To Rotate Your IP On Every Request
Extension for Burp Suite which uses AWS API Gateway to change your IP on every request. More info: https://rhinosecuritylabs.com/aws/bypassing-ip-based-blocking-aws/ Description This extension allows you to easily spin up API Gateways across multiple regions. All the Burp Suite traffic for the...
Bypassing IP Based Blocking with AWS API Gateway
The post Bypassing IP Based Blocking with AWS API Gateway appeared first on Rhino Security Labs...
CVE-2019-11208
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specifi...
CVE-2019-11208
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specifi...
Authorization
The authorization component of TIBCO Software Inc.'s TIBCO API Exchange Gateway, and TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically processes OAuth authorization incorrectly, leading to potential escalation of privileges for the specifi...
CVE-2019-11208
CVE-2019-11208 affects TIBCO API Exchange Gateway (versions 2.3.1 and earlier) and its Distribution for TIBCO Silver Fabric (2.3.1 and earlier). The vulnerability lies in the authorization component, which may process OAuth authorization incorrectly when multiple scopes are used, potentially allo...
PT-2019-12186 · Tibco · Tibco Api Exchange Gateway +1
Name of the Vulnerable Software and Affected Versions: TIBCO API Exchange Gateway versions 2.3.1 and prior versions TIBCO API Exchange Gateway Distribution for TIBCO Silver Fabric versions 2.3.1 and prior versions Description: The authorization component of TIBCO API Exchange Gateway contains a...
com.bytekast.serverless-local-apigateway:com.bytekast.serverless-local-apigateway.gradle.plugin (>=0.4 <=0.5), gradle.plugin.com.bytekast:serverless-local-apigateway (>=0.4 <=0.5) +1 more potentially affected by CVE-2019-11808 via io.ratpack:ratpack-groovy (>=0.9.0 <=1.6.0)
io.ratpack:ratpack-groovy MAVEN version =0.9.0, =0.4, =0.4, =0.9.0, =1.10.0-milestone-39 Source cves: CVE-2019-11808 Source advisory: OSV:GHSA-54MG-VGRP-MWX9...
Enhancing API Gateway With Request Throttling to Manage Overconsumption
API traffic is exploding online and across the Akamai Intelligent Edge Platform. APIs are the connective tissue among organizations driving innovative and integrated digital experiences. As these experiences are mission critical for organizations to monetize partnerships, create connections for...
Happy graduation, Envoy!
Envoy, the new darling of the DevOps community, performs the role of a service and edge proxy. Advanced features such as timeouts, rate limiting, circuit breaking, load balancing, retries, stats, logging, and distributed tracing are required to handle network failures in a fault tolerant and...
API Gateway -- Secure API Traffic with OAuth 2.0 and Cache GraphQL Responses
APIs are the connective tissue between software and modern digital experiences, and they must be exposed to consumers in a way that prevents misuse. This means your APIs must have appropriate governance (authorization, authentication, quota management policies) to prevent consumers from abusing API...
hideNsneak - A CLI For Ephemeral Penetration Testing
This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. Black Hat Arsenal Video Demo Video ...
Wallarm NG-WAF is Now a Part of Kong Hub to Provide Better Protection for Microservices, APIs and…
Wallarm NG-WAF is Now a Part of Kong Hub to Provide Better Protection for Microservices, APIs and Serverless Thousands of companies from startups to Fortune 500 enterprises use Kong as their API gateway. With a blazingly fast performance, it comes with a perfect feature set for everyone who manag...
CLI for Ephemeral Penetration Testing: hideNsneak
This application assists in managing attack infrastructure for penetration testers by providing an interface to rapidly deploy, manage, and take down various cloud services. These include VMs, domain fronting, Cobalt Strike servers, API gateways, and firewalls. hideNsneak provides a simple...
OpenSSL CVE-2018-0732 Denial of Service Vulnerability
Description OpenSSL is prone to denial-of-service vulnerability. An attacker can exploit this issue to cause a denial-of-service condition. Technologies Affected OpenSSL Project OpenSSL 1.0.2 OpenSSL Project OpenSSL 1.0.2a OpenSSL Project OpenSSL 1.0.2b OpenSSL Project OpenSSL 1.0.2c OpenSSL...