waf – Page 15 – WindowsTechs.com

UK’s Largest Mobile Carrier Relies on AWS and Imperva FlexProtect for Web Delivery and 360-Degree Application Protection

Posted on June 19, 2019 by Marty Jost

In today’s highly-competitive telecommunications market, the website is integral to successful and fast customer service. Downtime due to intrusion, data breach, or DDoS attack is intolerable. It’s why ten of the largest global telecommunic… Continue reading UK’s Largest Mobile Carrier Relies on AWS and Imperva FlexProtect for Web Delivery and 360-Degree Application Protection→

SQL Injection Attacks: So Old, but Still So Relevant. Here’s Why (Charts)

Posted on June 13, 2019 by Ori Nakar

We’re living in the Golden Age of data. Some companies analyze it to better themselves, others trade it for profit, none give it up freely due to its value — for their business, and for criminals, as well. SQL (Structured Query Language) is… Continue reading SQL Injection Attacks: So Old, but Still So Relevant. Here’s Why (Charts)→

Bot Manager vs. WAF: Why You Actually Need Both

Posted on June 6, 2019 by Ben Zilberman

Over 50% of web traffic is comprised of bots, and 89% of organizations have suffered attacks against web applications. Websites and mobile apps are two of the biggest revenue drivers for businesses and help solidify a company’s reputation with t… Continue reading Bot Manager vs. WAF: Why You Actually Need Both→

Requests logged in Cloudflare as "XSS, HTML Injection – Body"

Posted on June 4, 2019 by where

Rule name: XSS, HTML Injection – Body
Rule: 100096BHTML

Since about a week ago, requests matching this WAF rule have strongly increased on a customer’s website. This is an example graph showing only the number of those flagg… Continue reading Requests logged in Cloudflare as "XSS, HTML Injection – Body"→

How to (Securely) Share Certificates with Your Cloud Security Provider

Posted on May 23, 2019 by Ben Zilberman

Businesses today know they must handle sensitive data with extra care. But evolving cyber threats combined with regulatory demands can lead executives to hold their proverbial security cards close to their chest. For example, they may be reluctant to … Continue reading How to (Securely) Share Certificates with Your Cloud Security Provider→

Cloud WAAPs Are the Future of Application Security. But What Does That Mean?

Posted on May 13, 2019 by Kim Lambert

Millions of Verizon FIOS broadband users vulnerable to hackers controlling and surveilling their home networks. Thousands of GPS watches whose maps were open to attackers tracking and eavesdropping on children and elderly users. A zero-day hole in Micr… Continue reading Cloud WAAPs Are the Future of Application Security. But What Does That Mean?→

How are Web application firewalls typically implemented?

Posted on May 7, 2019 by SerAlejo

How are WAFs typically implemented?

I’m currently doing some research on this topic and found some sources that claim their “.htaccess” rules are used as a WAF.

Q1: I was wondering if this method could really be called a W… Continue reading How are Web application firewalls typically implemented?→

Casino Goes All In and Wins Big with Imperva Security

Posted on April 18, 2019 by Adam Fisher

There’s no good time to be hit by ransom-seeking DDoS attackers. For one casino-entertainment provider, the timing was particularly bad — right before one of its largest online poker events in 2016. The casino, which generates multiple bill… Continue reading Casino Goes All In and Wins Big with Imperva Security→

WAF is set to Alert, not block. We are seeing thousands of XSS and SQL Injection attacks. How can I tell if any were actually successful?

Posted on April 15, 2019 by Steve Bay

I’m pretty inexperienced with WAFs and the events/alerts it generates. I’m wondering how I can tell if any of those were successful? For example, in the last 24 hours we saw over 50K alerts/events of 941330 (Core Rule Set)…. Continue reading WAF is set to Alert, not block. We are seeing thousands of XSS and SQL Injection attacks. How can I tell if any were actually successful?→

The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack

Posted on April 11, 2019 by Vitaly Simonovich

DDoS attacks have always been a major threat to network infrastructure and web applications. Attackers are always creating new ways to exploit legitimate services for malicious purposes, forcing us to constantly research DDoS attacks in our CDN to buil… Continue reading The Ping is the Thing: Popular HTML5 Feature Used to Trick Chinese Mobile Users into Joining Latest DDoS Attack→