Research

In this series the service delivery team writes about an outstanding talk they saw at a conference and implementing those lessons at scale.

Bypass WAFs with gigaproxy: an HTTP proxy that rotates IPs using mitmproxy, AWS API Gateway, and Lambda. Read the blog to learn more.

During the past few assessments, Sprocket has encountered improperly configured instances of Lucee 5 and 4. This blog post will detail a straightforward method to execute remote code after acquiring administrative access to a Lucee login panel.

Tools such as dirbuster, gobuster, feroxbuster, dirb, and ffuf have been instrumental in uncovering hidden content on websites. These tools and wordlists designed to discover files and directories have become staples in the toolkits of penetration testers and bug bounty hunters. Now more than ever, technology plays a vital role in cybersecurity practices.

Fixing these vulnerabilities in production is more expensive than finding and fixing them earlier in the SDLC. One way that organizations can drive down the cost of vulnerability management is by integrating security testing into software quality assurance (QA) testing.

The top five web application-specific attack surface management opportunities Sprocket Security sees regularly.