SQL injection bypasses back in scope for Zen, Node.js version >= 1.6.0!
12/19/2024, 3:55:47 PM (7 days ago)
12/19/2024, 3:56:34 PM

Hi all!

SQL injection bypasses are back in scope for Aikido Zen. We are starting out with Zen for Node.js (version >= 1.6.0), but we'll soon have SQL injection bypasses in scope for our Python agent again as well.

Our new SQL detection algorithm uses a tokenizer. The zen-internals repository is a great starting point to explore our new approach: https://github.com/AikidoSec/zen-internals/tree/main/src/sql_injection.
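To make concrete what a tokenizer-based check looks like, here is a simplified illustration added to this page, not the zen-internals code: it tokenizes the final query and flags user input that is not contained within a single token (a string or number literal stays inside one token, while `' OR 1=1` spans several). The token grammar, the two-character minimum and the containment rule are assumptions of this example, not Zen's actual rules.

```python
import re

# Constructed mini SQL tokenizer (assumption: a small subset of SQL lexing,
# enough to illustrate the idea; not the zen-internals grammar).
TOKEN_RE = re.compile(r"""
    (?P<comment>--[^\n]*|/\*.*?\*/)       # SQL comments
  | (?P<string>'(?:[^']|'')*')            # single-quoted literal, '' escapes
  | (?P<number>\b\d+(?:\.\d+)?\b)         # numeric literal
  | (?P<ident>[A-Za-z_][A-Za-z0-9_]*)     # keyword or identifier
  | (?P<op>[<>=!]=?|<>|[(),;*+\-/])       # operators and punctuation
  | (?P<ws>\s+)                           # whitespace (dropped)
""", re.VERBOSE | re.DOTALL)

def tokenize(sql):
    """Return (kind, text, start, end) tuples; whitespace is dropped."""
    tokens = []
    pos = 0
    while pos < len(sql):
        m = TOKEN_RE.match(sql, pos)
        if m is None:
            # Unclassifiable character (e.g. an unterminated quote) becomes
            # its own token so it still breaks containment.
            tokens.append(("unknown", sql[pos], pos, pos + 1))
            pos += 1
            continue
        if m.lastgroup != "ws":
            tokens.append((m.lastgroup, m.group(), m.start(), m.end()))
        pos = m.end()
    return tokens

def is_injection(query, user_input):
    """True if some occurrence of user_input is not inside a single token.

    Assumption: inputs shorter than two characters are ignored, since they
    cannot carry query structure on their own."""
    user_input = user_input.strip()
    if len(user_input) < 2:
        return False
    spans = [(start, end) for _, _, start, end in tokenize(query)]
    at = query.find(user_input)
    while at != -1:
        stop = at + len(user_input)
        if not any(start <= at and stop <= end for start, end in spans):
            return True  # input reaches across token boundaries
        at = query.find(user_input, at + 1)
    return False
```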

Looking forward to your submissions!

Happy hacking,

Aikido's Security Team

Aikido Firewall for Python now in scope!
9/6/2024, 10:37:35 PM (4 months ago)

Hi all!

A small gift just before the weekend starts: Aikido's Firewall for Python is now in scope! We've updated our policy and severity assessment around the new scope, so make sure you review them thoroughly before submitting your reports.

Looking forward to your submissions!

Happy hacking,

Aikido's Security Team

SQL injection bypasses temporarily out of scope
8/29/2024, 1:05:40 PM (4 months ago)

Hi all!

Bypasses of our SQL injection detection are temporarily out of scope. The development team is working on a new approach for detecting SQL injection vulnerabilities. We'll send out an update once it is in scope again, with the technical details. For now, enjoy a small sneak peek: https://github.com/AikidoSec/firewall-node/pull/349.

Thank you and happy hacking,

Aikido's Security Team

First Aikido Firewall bypass by @svennergr
6/7/2024, 4:17:20 PM (7 months ago)
6/7/2024, 4:18:54 PM

Hi again,

Forgot to include this in the previous message, but @svennergr found the first shell injection detection bypass this week, which we patched yesterday. You can review the patch here: https://github.com/AikidoSec/firewall-node/pull/224.

Happy hacking,

Aikido's Security Team

Launch of Aikido's Security Firewall Bug Bounty Program
6/7/2024, 3:30:38 PM (7 months ago)

Hi all!

Welcome to Aikido's Security Firewall Bug Bounty Program, where we hope to cover both vulnerabilities and vulnerability detection bypasses in our firewall. As outlined in the program's description, our firewall is a bit different from the traditional WAF, so your creativity will be very valuable for finding vulnerabilities, potential bypasses in vulnerability detection or even false positives we may trigger during detection.

If you have any (technical) questions, feel free to contact Intigriti's support team, who will forward the questions to us.

Happy hacking,

Aikido's Security Team