Prismo Blog

Virus Bulletin 2020: Just-In-Time Deception to Detect Credential-Stuffing Bots

We are excited to announce that the Prismo Systems team will be presenting our work on detecting bots at the upcoming VB2020 conference. UPDATE: Here is a link to the video on YouTube: https://www.youtube.com/watch?v=_cGc5UwWw5Q&feature=emb_logo...

Analysis of CVE-2019-0230: OGNL Expression Language Vulnerability

By Manish Sardiwal

In mid-August, Apache released security bulletin S2-059 to address the vulnerability CVE-2019-0230. CVE-2019-0230 is an OGNL expression language vulnerability, which may lead to Remote Code Execution in the context of Apache...

Analysis of CVE-2020-9484: Persistent Manager Java Deserialization Vulnerability

CVE-2020-9484 is a recently disclosed vulnerability in Apache. The vulnerability resides in how Apache Tomcat handles HTTP sessions. The first part of the blog details the handling of HTTP sessions for web applications. Followed by which we...

Detection of Vulnerabilities in Web Applications – Server-Side Request Forgery

By Abhishek Singh and Ramesh Mani

In 2019, the server-side request forgery exploitation technique [1] was used to retrieve AWS (Amazon Web Services) credentials that were subsequently used to steal the personal information of over 100 million Capital...