Nisari

I am using Wapiti to scan my web application. But there seem to be no vulnerabilities at all. What are the best options to be used with Wapiti command so that every page(after the login page) of my application can be scanned to the deepest level? I have turned off XSS prevention scripts in one of the pages and still find no vulnerabilities. This is the command that I used: $sudo wapiti https://mydomain.com/ -n 10 -f html -o reports

I am using Wapiti to scan my web application. But there seem to be no vulnerabilities at all. What are the best options to be used with Wapiti command so that every page(after the login page) of my application can be scanned? I have turned off XSS prevention scripts in one of the pages and still find no vulnerabilities. This is the command that I used: $sudo wapiti https://mydomain.com/ -n 10 -f html -o reports

I was using the nginx refactoring branch with modsecurity 2.9, earlier. Now, I have recompiled modsecurity (3.0) with the nginx-modsecurity connector. I had added 2 custom rules that were working well in the old compilation. But, now I am getting an error as follows while trying to restart nginx: nginx[18002]: [120B blob data] nginx[18002]: nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed Should I modify anything in the custom rules to get the rules working with modsecurity...

I am using modsecurity with nginx(v1.13.6) on ubuntu 16.04. When I try to upload a zip files/single jpeg/mov files via an API to my web server, I get the following error in the modsecurity error log. 2018/02/28 05:14:04 [error] 1893#0: [client 103...*] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "309"] [id "920180"] [rev "1"] [msg "POST request missing Content Length Header."]...

I am using modsecurity with nginx(v1.13.6) on ubuntu 16.04. When I try to upload a zip files/single jpeg/mov files via an API to my web server, I get the following error in the modsecurity error log. 2018/02/28 05:14:04 [error] 1893#0: [client 103...*] ModSecurity: Warning. Operator EQ matched 0 at REQUEST_HEADERS. [file "/usr/local/nginx/conf/owasp-modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "309"] [id "920180"] [rev "1"] [msg "POST request missing Content Length Header."]...