The Most Famous Vulnerabilities - HTTP Parameter Pollution
Jozsef Konnyu

The Most Famous Vulnerabilities - HTTP Parameter Pollution

In the previous blog article, we learned about SQL injection and how it works. If you read it then you will know that it belongs to the family of the most serious vulnerabilities. The next vulnerability is not going to be so serious, but it's worth taking care of. What is HTTP Parameter Pollution? The easiest way to introduce this vulnerability is to show the method that you have seen many times on websites or any other application that can be linked to the Internet at some level: redirection. A lot of websites use this technique to redirect from one website to another, or even within...
Read more
HTTP/2 support with BitNinja WAF 2.0
Zoltan Toma

HTTP/2 support with BitNinja WAF 2.0

HTTP/2 support with BitNinja WAF 2.0 The version of bitninja-ssl-termination 1.1.0, which is practically a HAProxy (1.8.9), can handle HTTP2 connections. It will be installed automatically by BitNinja (v 1.20.10) and it will reconfigure the configs for HTTP/2. It only affects the HTTPS connections. HTTP2 over TLS (h2) is supported by all of the modern browsers. Why HTTP/2?  HTTP/2 compared to HTTP/1.1 is far more powerful, it can broadcast requests and answers in parallel, so the browser needs to open only 1 connection to the server instead of 6-8. This connection is far more...
Read more
What is going on  in the background of the cyberworld
Laszlo Takacs

What is going on in the background of the cyberworld

There are things we are not really waiting for, in fact we are looking for a way to bypass or avoid them. Unfortunately, some of them are inevitable just like the Cyber Worldwar, which in fact has already begun. Mentionable acts from history There was a historical milestone on May 12th, 2017 when within only one day one country has invaded 150 other countries. Now you would start to think: why can't I remember anything like this? Well, the answer is simple, it was the "in"famous WannaCry ransomware, it has invaded more than 200 thousand computers. By assumptions, it originated from North...
Read more
Security by design
Laszlo Takacs

Security by design

Our team has attended the CloudFest back in March where during the security panel we have attended a presentation about the importance of security by design an important thing in terms of responsibility and suggested OWASP as a standard to start with. In this blog post we would like to show, why it is important for developers too, not just for security providers. The best way to define it is an approach to software and hardware development where the main goal is to make a system as free of vulnerabilities and imprevious to attack as possible. To achieve this there is a need for a huge amoun...
Read more
BitNinja Daily Routine - How to eliminate hackers on your servers completely?
George Egri

BitNinja Daily Routine - How to eliminate hackers on your servers completely?

We have collected the best practices of the most successful BitNinja customers. Would you like to completely eliminate hackers on your servers? Follow this guideline to achieve the most with BitNinja and stop all hackers. The initial steps When you first install BitNinja on your server, the best you can do is to enable all modules. All the beta modules are used in many production servers, it is safe in most of the cases to simply enable them all. If you have considerations about enabling all the modules, then here is a list of minimal modules to enable: IP reputation DoS detectio...
Read more
MongoDB vs. Elasticsearch
Jozsef Konnyu

MongoDB vs. Elasticsearch

What is MongoDB? MongoDB is an open-source NoSQL database that uses a document-oriented data model. This type of model is built on an architecture of collections and documents instead of using tables and rows like MySQL. Documents are built from key-value pairs which are the basic units of MongoDB. These documents may also be part of different collections - like tables - in a relational the database. Being a NoSQL database MongoDB uses dynamic schemas for documents and as a result, they may be structurally different. This database also uses BSON (Binary JSON) – which is...
Read more
Software-defined storage pool
Daniel Mecsei

Software-defined storage pool

At Virtualization Day 2017 in Budapest, Hungary, we saw pretty good presentations about a different type of virtualizations and architecture concepts. In forenoon, Gergely Rab from Dell have shown us some very useful tools and solutions for software-defined storage architecture. One of these products is ScaleIO, which utilizes standard x86 servers and Ethernet network. In a standard lifecycle, you firstly plan and deploy your new array, then expand and optimize the storage. When the array comes to the end of its life, the process begins again, and you’ll also have to migrate your data...
Read more
Hot new feature - Goodbye CAPTCHA! Hello Browser Integrity Check!
Anita Batari

Hot new feature - Goodbye CAPTCHA! Hello Browser Integrity Check!

How would you imagine a world where annoying CAPTCHAs are not the first line when it comes to identification of botnets and human visitors? Here at BitNinja we thought big and made it come true. Let us show you a security solution where the visitors with suspicious incidents in their past don't have to type anything, moreover, they don't have to click anywhere either. It sounds too good to be true, isn't it? Some of our users (you know, big players who) run into this issue when their end-users - who would like to surf on sites - were afraid of filling CAPTCHAs. We couldn...
Read more
Vulnerabilities of Small Office/Home Office routers
Ferenc Barta

Vulnerabilities of Small Office/Home Office routers

I'm quite sure that you have one of the small office/home office (SOHO) devices at home to share the Internet access for your computers, smartphones and IoT gadgets. These devices are really great, as they are capable of routing and address translation, they often have a built-in switch, an access point and a user-friendly web-based management interface.  In summary, they meet the requirements of home networking for an affordable price. Unfortunately, researchers and hackers often find serious vulnerabilities in these consumer-grade devices. Recently we have contacted several I...
Read more
High Availability
Daniel Mecsei

High Availability

In computer science, the term of availability is used to describe the period of time when a service is available. High availability is a quality of a system that assures high-level performance for a given period of time. The main goal of high availability is to eliminate the Single Point of Failures (SPoF) in your infrastructure. To eliminate SPoF, each layer of your stack must be prepared for redundancy. Be aware, redundancy alone cannot guarantee high availability. A mechanism must detect the failures and take action when one of your components of the stack becomes unavailable....
Read more