Web application (web-app) security has grown more sophisticated over the years. These advances have improved not only how code and products are designed, but also how the web servers hosting that code are shielded from direct public internet access.
Organizations achieve this shielding by proxying web-application traffic through CDNs. Content Delivery Network services ensure that details of the hosting server (server name, server version, OS information and more) are fully protected, while providing firewall capabilities that harden web apps against spidering by hacking methods and automation tooling.
Consequently, uncovering vulnerabilities that may exist in a targeted organization's web app is no easy task, and security researchers constantly find themselves looking for ways to bypass these firewall rules in order to uncover those vulnerabilities.
While it is possible to bypass these firewall filters, it is important to note that no two CDNs provide the same security implementation and provisioning. Hence, a filter bypass that works against a CDN such as Cloudflare securing one organization's web application may not work when applied to a web application secured by Amazon CloudFront.
Thus, as a security researcher, you need to keep a constant lookout on the prominent CDN services, and research in more depth the filters that can bypass the firewall rules these CDN providers implement to secure the web applications of customers who use their services.
Top 49 Global CDN Services You Need to Know in 2024:
To save you time identifying these providers, here is a list of popular, well-known CDN services every security researcher should know in 2024.
- Akamai.
- Alibaba Cloud CDN.
- Amazon CloudFront.
- ArvanCloud.
- BelugaCDN.
- BunnyCDN.
- CacheFly.
- Cedexis.
- CDN77.
- CDNetworks.
- CDNify.
- CDNsun.
- CDNvideo.
- ChinaCache.
- Cloudflare.
- Cloudinary.
- CoralCDN.
- Edge Gravity by Ericsson.
- EdgeCast.
- Fastly.
- G-Core Labs.
- Google Cloud CDN.
- Highwinds.
- Hibernia Networks.
- Hostry.
- ImageKit.
- Imperva.
- Incapsula.
- Jetpack CDN.
- jsDelivr.
- KeyCDN.
- Leaseweb CDN.
- Limelight Networks.
- MaxCDN.
- Medianova.
- MetaCDN.
- Microsoft Azure CDN.
- Netlify.
- OnApp CDN.
- Quantil.
- Rackspace CDN.
- Reblaze.
- SimpleCDN.
- StackPath.
- SUCURI.
- Swarmify.
- Varnish Software.
- Verizon Media Platform.
- Yottaa.
This list covers only some of the well-known CDN providers. We hope that, as a security researcher, you will learn more about their web-application security designs and better understand how they implement their firewall rules.
You can do this by reading through the documentation these Content Delivery Networks provide and by researching how to bypass their various security implementations on the web apps you encounter during your penetration testing. Thanks for the read.