Hi all!
A small gift just before the weekend starts: Aikido's Firewall for Python is now in scope! We've updated our policy and severity assessment around the new scope, so make sure you review them thoroughly before submitting your reports.
Looking forward to your submissions!
Happy hacking,
Aikido's Security Team
Hi all!
Bypasses of our SQL injection detection are temporarily out of scope. The development team is working on a new approach for detecting SQL injection vulnerabilities. We'll send out an update once it is in scope again, with the technical details. For now, enjoy a small sneak peek: https://github.com/AikidoSec/firewall-node/pull/349.
Thank you and happy hacking,
Aikido's Security Team
Hi again,
Forgot to include this in the previous message, but @svennergr found the first shell injection detection bypass this week, which we patched yesterday. You can review the patch here: https://github.com/AikidoSec/firewall-node/pull/224.
Happy hacking,
Aikido's Security Team
Hi all!
Welcome to Aikido's Security Firewall Bug Bounty Program, where we hope to cover both vulnerabilities and vulnerability detection bypasses in our firewall. As outlined in the program's description, our firewall is a bit different than the traditional WAF, so your creativity will be very valuable for finding vulnerabilities, potential bypasses in vulnerability detection or even false positives we may trigger during detection.
If you have any (technical) questions, feel free to contact Intigriti's support team, who will forward the questions to us.
Happy hacking,
Aikido's Security Team