152 matches found
Configuring Imperva SecureSphere for GDPR Compliance: Part One
Time is running out. 23 days until GDPR enforcement The GDPR effective date is less than a month away and, given the significant risk and potential costs associated with a failure to comply, organizational readiness efforts continue to mount. GDPR non-compliance penalties can be severe up to 79...
Drupalgeddon3: Third Critical Flaw Discovered
For the third time in the last 30 days, Drupal site owners are forced to patch their installations. As the Drupal team noted a few days ago, new versions of the Drupal CMS were released, to patch one more critical RCE vulnerability affecting Drupal 7 and 8 core. The vulnerability, code-named...
Making the Grade: Achieve SSL Labs A+ Grade with Imperva WAF
We all woke up to a new reality early last year. HTTPS adoption has reached the tipping point, meaning that more than half of web traffic is encrypted. The benefits of encrypting your traffic are obvious, right? It’s essentially about you securing data being transmitted by authenticating web...
RDaaS Security: How to Apply Database Audit and Monitoring Controls
As you move databases to cloud database platforms, data security and compliance requirements move along with it. This article explains how you can apply database audit and monitoring controls when migrating your database to cloud services, including the following: Introduction to RDaaS Benefits o...
Improve the ROI of Your Database Protection Investment
When an organization considers switching a mission-critical compliance or security system from one vendor’s solution to another it’s a very big decision. There is expense involved in acquiring the new solution, it will take time and money to deploy and retrain staff, and it will take careful...
Database Security at Cloud Scale
The biggest challenge to data security is the sheer volume and pace of data growth. More so even than the shift from relational data to unstructured or the migration of data to the cloud. “Cloud scale” is usually used to refer to technical items like data center size and operations or networks an...
Protecting Xero’s Cloud-Based Accounting Platform from Cyber Attacks
Meeting with customers is always insightful, and recently I got a chance to sit down with Aaron McKeown, head of security engineering and architecture at Xero, to talk about how they use Imperva SecureSphere for their cloud-hosted applications. Founded in 2006, Xero provides cloud accounting...
Tuning Capacity Tips for SecureSphere Database Activity Monitoring
You have Imperva SecureSphere Database Activity Monitoring DAM up and running. You’ve deployed the system and configured your business audit policies. So, what’s next? In a previous post I discussed the capacity management challenges of database monitoring solutions, in this post I’ll elaborate o...
How to Protect AWS ECS with SecureSphere WAF
Adoption of container technology is growing widely. More and more workloads are being transferred from traditional EC2 compute instances to container-based services. However, the need for securing the web traffic remains the same regardless of the elected platform. In this post, we’ll deep dive...
How to Deploy SecureSphere WAF on Azure
If you host apps in the cloud, then you need security in the cloud. The Imperva SecureSphere Web Application Firewall WAF identifies and acts upon dangers maliciously woven into innocent-looking website traffic, both on-premises and in the cloud, such as: Blocking technical attacks such as SQL...
How to Protect AWS API Gateway with SecureSphere WAF
Serverless architectures are becoming more and more popular, and Amazon’s API Gateway service is a key factor in many serverless deployments on AWS. Currently API Gateway only supports a public CloudFront endpoint, and securing the API Gateway with high-end WAF protection may seem like a difficul...
How to Secure AWS Deployments with SecureSphere WAF
The Imperva SecureSphere Web Application Firewall WAF analyzes all user access to business-critical web applications and protects your applications and data from cyberattacks. SecureSphere WAF dynamically learns an applications’ “normal” behavior and correlates it with crowd-sourced threat...
Protect Against WannaCry with Deception-Based Ransomware Detection
The WannaCry ransomware attack caught the world off guard—and may have even literally left some crying. The attack infected more than 230,000 computers in 150 countries by encrypting data on networked machines and demanding payments in Bitcoin. According to Malwarebytes researchers, the attack...
CVE-2011-4887
Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...
Cross site scripting
Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...
CVE-2011-4887
The CVE-2011-4887 entry covers an XSS vulnerability in the MX Management Server’s management GUI (Violations Table) of Imperva SecureSphere Web Application Firewall 9.0. The issue stems from input handling in the username field, allowing remote attackers to inject arbitrary web script or HTML. Do...
CVE-2011-4887
Cross-site scripting XSS vulnerability in the Violations Table in the management GUI in the MX Management Server in Imperva SecureSphere Web Application Firewall WAF 9.0 allows remote attackers to inject arbitrary web script or HTML via the username field...
Imperva SecureSphere Web Application Firewall MX 9.5.6 - Blind SQL Injection
No description provided by source. Blind SQL Injection to Imperva SecureSphere Web Application Firewall MX ======================================================================= ADVISORY INFORMATION Title: Blind SQL Injection on Imperva SecureSphere Web Application Firewall MX Discovery date:...
Imperva SecureSphere 5.0 - Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/28279/info Imperva SecureSphere is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code...
Imperva SecureSphere Operations Manager 9.0.0.5 - Multiple Vulnerabilities
No description provided by source. Original: http://www.digitalsec.net/stuff/explt+advs/Imperva-SecureSphere.OptMgr.txt =============================== - Advisory - =============================== Tittle: Imperva SecureSphere Operations Manager - Command Execution Post Authentication & Minor issu...