Cloud Lookup (and Bypass)

This module can be useful if you need to test the security of your server and your website behind a solution Cloud based. By discovering the origin IP address of the targeted host. More precisely, this module uses multiple data sources in order ViewDNS.info, DNS enumeration and Censys to collect...

incap-jira.secure.imperva.com Improper Access Control vulnerability

Security Researcher Nep13371998 Helped patch 562 vulnerabilities Received 4 Coordinated Disclosure badges Received 7 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting incap-jira.secure.imperva.com website and its users...

Imperva: Data Breach Caused by Amazon Cloud Misconfiguration

Imperva, the security vendor, said this week that a misconfiguration of an Amazon Web Services AWS cloud instance allowed hackers to exfiltrate information on customers using its Cloud Web Application Firewall WAF product. Formerly known as Incapsula, the Cloud WAF analyzes requests coming into...

Imperva Breach Exposes WAF Customers' Data, Including SSL Certs, API Keys

Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today. The security breach particularly affects...

Cybersecurity Firm Imperva Discloses Breach

Imperva, a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users. Redwood Shores,...

WAFW00F v1.0.0 - Detect All The Web Application Firewall!

WAFW00F identifies and fingerprints Web Application Firewall WAF products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

Making Our Security Portfolio Simpler — and Better

Since its inception in 2009, Incapsula has been a proud part of Imperva, the analyst-recognized cybersecurity leader. However, cybersecurity needs are evolving, and so are we. On April 7th, we will officially retire Incapsula.com. All of the great Incapsula web site content that wasn’t already...

Enhance Imperva Cloud WAF with a New Management Tool in the Imperva GitHub

Imperva recently launched the Imperva GitHub where our global community can access tools, code repositories and other neat resources that aid collaboration and streamline development. The nice thing about these tools is that you can clone them and customize them with whatever functionality you...

Imperva Cloud WAF and Graylog, Part II: How to Collect and Ingest SIEM Logs

This guide gives step-by-step guidance on how to collect and parse Imperva Cloud Web Application Firewall WAF, formerly Incapsula logs into the Graylog SIEM tool. Read Part I to learn how to set up a Graylog server in AWS and integrate with Imperva Cloud WAF. This guide assumes: You have a clean...

Cloud Security For The Healthcare Industry: A No-Brainer

The healthcare industry has become one of the likeliest to suffer cyber-attacks, and there’s little wonder why. Having the financial and personal information of scores of patients makes it a very appetizing target for attackers. Just over a year ago, the WannaCry ransomware attack wreaked havoc o...

5 Key Factors to Consider When Comparing Cloud Security Solutions [Video]

Migrating to the cloud can be a challenge, and so can securing your platform once you’re there. It means having a security solution that is quick, adaptable and equipped to handle a wider breadth of attacks. Whether you’re in the market for a new security product, or you’re looking to switch, the...

Drupalgeddon3: Third Critical Flaw Discovered

For the third time in the last 30 days, Drupal site owners are forced to patch their installations. As the Drupal team noted a few days ago, new versions of the Drupal CMS were released, to patch one more critical RCE vulnerability affecting Drupal 7 and 8 core. The vulnerability, code-named...

NetRefer Chooses Imperva Incapsula WAF: A Case Study

Since 2005, companies have been using NetRefer’s performance marketing software to fully automate their affiliate programs. From enrollment through customer relationship management CRM, tracking, finance and rewards management and payments, NetRefer’s Unified Performance Marketing Platform...

Women in Tech and Career Spotlight: Jerusalem Bicha

We conclude our series featuring women in tech at Imperva with an interview with Jerusalem Bicha, network operations team lead at Imperva. We talked about her path to a career in cybersecurity. Tell us how you got into cybersecurity. JB: I actually don’t have a degree. My career in cybersecurity...

Q3 2017 Global DDoS Threat Landscape Report

Today we are releasing our latest Global DDoS Threat Landscape Report, a statistical analysis of 5,765 network and application layer DDoS attacks mitigated by Imperva Incapsula services during Q3 2017. Before diving into the report’s highlights, it should be mentioned that this quarter was marked...

Oracle FCDB <= 10.5 Cross Site Scripting Vulnerability

Exploit for multiple platform in category remote exploits Title: Cross Site Scripting - Oracle Flex cube Direct Banking Application 10.5 Application: Oracle FCDB Versions Affected: Oracle Flex cube Direct Banking Software 10.5 Note: The payload will bypass the most of the WAFs running behind the...

Women in Tech and Career Spotlight: Michal Pal

We continue our articles focusing on the themes of National Cyber Security Awareness Month with the first of a series of articles spotlighting some of the women who work at Imperva. I spoke to Michal Pal, automation group manager for the Imperva Incapsula product line and got to know about what...

Incapsula Updated Review — New Security Options, Improved Delivery and Reliability

It's been close to five years since we last looked at Incapsula, a security-focused CDN service known for its DDoS mitigation and web application security features. As one would expect, during these five years the company has expanded and improved, introducing lots of new features and even severa...

New Call to Regulate IoT Security By Design

A Washington, D.C. think tank whose mission is critical infrastructure security has joined the call for lawmakers to consider regulating the security of connected devices. In a report published this week, the Institute for Critical Infrastructure Technology pinned the blame for a rash of Mirai...

Identify Web Application Firewall: WAFW00F

WAFW00F Fingerprints and Identify Web Application Firewall WAF products WAFW00F is a Python tool to help you fingerprint and identify Web Application Firewall WAF products. It is an active reconnaissance tool as it actually connects to the web server, but it starts out with a normal HTTP response...