Every Application Should Be Behind a WAF
It's no secret that security threats continue to expand in volume and variety, making headlines on virtually a daily basis. From nation-state attacks, corporate espionage, and data exfiltration campaigns to all-in-one and sneaker bot campaigns, businesses across the globe find themselves dealing...
Verizon DBIR: Web App Attacks and Security Errors Surge
Verizon’s 2020 Data Breach Investigations Report (DBIR), released Tuesday, analyzed 32,002 security incidents and 3,950 data breaches to sniff out the top causes of data breaches over the past year. While cyber-espionage attacks and malware decreased, other trends, such as security “errors” cloud...
Imperva Poised to Deliver its Leading Advanced Bot Protection and Network Security in India
With a presence in India since 2017, Imperva is continuing to provide a level of security excellence in the region. With Asia in general as both the target and source of most network DDoS attacks, and India topping the list for the first time in our latest DDoS threat landscape report, this is mo...
State of the Internet, Volume 5, Issue 1
Is it too late to still say "Happy New Year?" We don't think so. We're kicking off 2019 with our first issue of the State of the Internet / Security. Goal setting is something that security teams around the world are doing right now. What are your team's goals? How do your goals align with the...
Targeted Security Attacks Impact Holiday Shopping
Part 2 - Security: In the first post, web performance was discussed, especially for the mobile visitor. While web performance is critically important, security is also a vital area of focus and investment because threat actors don't take holidays. They're always out on the internet probing sites,...
Information disclosure
Dell EMC Secure Remote Services, versions prior to 3.32.00.08, contains an Information Exposure vulnerability. The log file contents store sensitive data including executed commands to generate authentication tokens which may prove useful to an attacker for crafting malicious authentication token...
Summer SOTI - Web Attacks
Continuing Changes: Welcome to the second blog post for the Summer 2018 State of the Internet / Security. If you've read the SOTI / Security report before, much of what you see here should be familiar, though the time frame we're looking at is the six months from November 2017 to April 2018, inste...
Clustering App Attacks with Machine Learning Part 1: A Walk Outside the Lab
A lot of research has been done on clustering attacks of different types using machine learning algorithms with high rates of success. Much of it from the comfort of a research lab, with specific datasets and no performance limitations. At Imperva, our research is done for the benefit of real...
Six Ways to Secure APIs
API usage in application development has become the trend of the year. Adoption of micro-services and server-less architectures has only accelerated this trend. Based on conversations with analysts and customers, we expect APIs to become the majority of web application front ends in the next couple ...
Superior and safe user experiences with the Akamai Cloud Delivery Platform
Your customers are unique and they all expect fast, secure, personalized digital experiences. They are spread across the world, in regions of varying network connectivity, utilize a plethora of devices and screen sizes - making it challenging to deliver your experiences. By delivering 95 Exabytes...
TRS Infogate Plugin SSRF Vulnerability
TRS Infogate is a general-purpose plug-in developed by TORS for application on WCM and IDS platforms of national governments, enterprises and institutions. TRS Infogate plug-in page infogate/customer/system/wcmurltest.jsp SSRF vulnerability. The page in the infogate/customer/system directory can...
2014 Verizon Data Breach Investigations Report (DBIR)
The attention given to the Target data breach elevated concerns about point-of-sale hacks and got us reacquainted with RAM scrapers and other threats to retailers big and small. And while it’s been a noteworthy highlight to the annual Verizon Data Breach Investigations Report for the past few...
Profense 2.2.20/2.4.2 - Web Application Firewall Security Bypass
source: https://www.securityfocus.com/bid/35053/info Profense Web Application Firewall is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform various web-application attacks. Versions prior to the following ar...
Profense 2.2.20/2.4.2 - Web Application Firewall Security Bypass
Profense 2.2.20/2.4.2 - Web Application Firewall Security Bypass source: https://www.securityfocus.com/bid/35053/info Profense Web Application Firewall is prone to multiple security-bypass vulnerabilities. An attacker can exploit these issues to bypass certain security restrictions and perform...