Lucene search
K
ImpervablogMost viewed

1025 matches found

Imperva Blog
Imperva Blog
added 2017/07/27 4:53 p.m.20 views

How to Secure AWS Deployments with SecureSphere WAF

The Imperva SecureSphere Web Application Firewall WAF analyzes all user access to business-critical web applications and protects your applications and data from cyberattacks. SecureSphere WAF dynamically learns an applications’ “normal” behavior and correlates it with crowd-sourced threat...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/06/14 3:30 p.m.20 views

5 Questions to Ask Your CISO about the GDPR

The European General Data Protection Regulation GDPR comes into force on May 25, 2018, and it will have a huge impact on the way businesses store and collect personal information belonging to those located in the European Union EU. The regulation applies to all businesses that hold and process da...

6.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/04/24 4:30 p.m.20 views

Get a Single View of WAF Events with the Imperva AppSecurity View App for Splunk Enterprise

Enterprises are adopting a hybrid infrastructure model to take advantage of rapid deployment of cloud-based services and higher computing power. A compilation of analyst predictions by SecureWorks, shows that the cloud continues to gain momentum as organizations embrace and benefit from new ways ...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/04/20 3:30 p.m.20 views

Shortening Your DCAP Short List: Five Critical Things to Consider for a Data-Centric Audit and Protection Solution

Exponential data growth. You’ve heard it many times before, but it’s still the most accurate way to describe the enormous and growing amount of data that businesses generate and collect today. It’s this growth that is driving today’s enterprises to revisit their strategies for data security and...

6.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2026/01/26 7:28 p.m.19 views

Imperva Customers Protected Against CVE-2026-21962 in Oracle HTTP and WebLogic

What Is CVE-2026-21962? CVE-2026-21962 is a critical CVSS 10.0 vulnerability in the Oracle HTTP Server and the WebLogic Server Proxy Plug-in for Apache HTTP Server and Microsoft IIS. An unauthenticated attacker with HTTP access can exploit this flaw by sending crafted requests to the affected pro...

10CVSS6AI score0.42658EPSS
Exploits4
Imperva Blog
Imperva Blog
added 2025/05/07 6:22 p.m.19 views

Early 2025 DDoS Attacks Signal a Dangerous Trend in Cybersecurity

As we enter 2025, the threat landscape continues to evolve, with Distributed Denial of Service DDoS attacks growing in both scale and sophistication. So far this year, we’ve already seen several major DDoS attacks over 5 million Requests Per Second RPS, signaling a concerning trend for...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/02/13 12:36 p.m.19 views

Security Flaw in CoCalc: One Click and Your Cloud is Ruined

TL;DR Imperva Threat Research discovered and reported a security flaw in the CoCalc Cloud environment. The flaw enabled potential attackers to completely take over a target’s account with only a single click from the victim. This flaw was due primarily to the lack of separation between the user...

6.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/10/11 3:20 p.m.19 views

Why Cool Dashboards Don’t Equal Effective Security Analytics

Mark Twain once said, “Data is like garbage. You’d better know what you are going to do with it before you collect it.” This statement rings true in todays cybersecurity landscape. Security professionals are inundated with a flood of data, and often, they dont know how to make sense of it. To add...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/08/28 8:19 p.m.19 views

Imperva Clinches 2023 SC Media Trust Award for Best Database Security Solution: A Back-to-Back Victory

Imperva, a global leader in cybersecurity, is proud to announce that we have once again been honored for our industry-leading database security solutions, earning the prestigious 2023 SC Media Trust Award for Best Database Security Solution. This accolade marks the second consecutive year that...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/05/08 12:24 p.m.19 views

The Anatomy of a Scalping Bot: NSB Goes Undercover & How it Avoids Detection

In the first blog post, we introduced you to the Nike Shoe Bot NSB, one of the most dangerous scalping bots around. We outlined its purpose, its behavior, and described how we recovered its source code. In this blog post, we will take a closer look at the bots source code, and determine what...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/03/08 11:35 p.m.19 views

Imperva Announces Joining the EDB GlobalConnect Technology Partner Program and Certification of Imperva’s DSF Agents to Support EDB Postgres Advanced Server and Community PostgreSQL Databases

It’s official, Imperva has joined the EnterpriseDB EDB GlobalConnect Technology Partner Program. While Imperva has supported and protected the EDB Postgres Advanced Server and community PostgreSQL databases, it is now an EDB Certified security solution. Imperva’s Data Security Fabric DSF agents a...

1.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/11/16 9:21 a.m.19 views

Misconfigurations of Cloud-Managed Infrastructures Continue to be a Major Challenge to Data Security

In case you missed the memo, cloud-hosted data is here to stay. Recent data shows spending on cloud services reached a total of $178 billion in 2021, a 37 percent increase over the $130 billion spent in 2020 and twice the amount enterprises are spending on their data centers. As more organization...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/14 12:51 p.m.19 views

7 Ways Good Data Security Practices Drive Data Governance

As more organizations continue with digital transformation plans, their ability to be good stewards of the data for which they are responsible becomes more difficult. They are generating more data, more data types, in more repositories, in more and different architectures. Every day, organization...

0.6AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/13 11:26 a.m.19 views

Three Keys to Securing Shadow Data

What is shadow data? Shadow data is any data contained anywhere in your entire data repository that is not visible to the tools you use to monitor and log data access. Shadow data may include: Customer data that DevOps teams copied into an unknown database to test applications they are developing...

6.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/09/07 12:53 p.m.19 views

Why the Search for Best-Of-Breed Tooling is Causing Issues for Security Teams

The growing need to consolidate vendor portfolios The adoption of best-of-breed security solutions has led to unforeseen problems for SOCs. Onboarding a new solution increases complexity; it requires configuration, integration with existing tools, fine-tuning policies, and the ability to create...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/24 1:21 p.m.19 views

Calculate Splunk Ingestion Costs Savings when Pre-Processing Data Repository Logs with Imperva DSF

If you use Splunk to ingest all your data for security analytics, you likely recognize it as one of the greatest indexing tools ever created. With Splunk, your security teams get a real-time view of machine data from the network, data center, or IT environments. Many enterprises also use Splunk t...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/15 2:22 p.m.19 views

Three Keys to Turning Data-centric Security Theory into Practice

Most cybersecurity professionals agree that as more organizations move data and applications to cloud-hosted environments, traditional measures focusing on protecting IT infrastructures are not up to the task. In fact, according to Crowd Research Partners, 84 percent of organizations say...

0.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/03 12:51 p.m.19 views

The Three Key Competencies that Optimize Data Security Orchestration

One of the principal benefits of a modern data-centric security fabric is being able to automatically apply security controls to the data itself and drive policy-compliant data handling behavior by privileged users. But we all know that detecting a security incident is just the first part of the...

0.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/07/15 1:48 p.m.19 views

What is Steganography, and how can we Avoid it?

What is steganography? Steganography is, broadly, a type of covert communication involving the use of any medium to hide messages. Steganography is a relatively old technique of hiding ‘secret’ data in plain sight to avoid detection. Seeing a resurgence of late, bad actors are taking advantage of...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/07/01 2:44 p.m.19 views

How to Monitor Athena Usage to Understand Your Operations, and Control Security and Costs

Introduction to our data lakes experience Data lakes are great. They are flexible as they allow many object formats and multiple query engines. They are also cost effective - there is no need to manage or pay for resources like disks, cpu and memory. Data is simply stored in an object store and i...

7.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/06/27 12:49 p.m.19 views

Five Ways the Gaming & Gambling Industry is Targeted by Bad Bots

Let’s play a game of chance: What are the odds that your gaming website is being targeted by bad bots? Imperva research suggests they’re higher than you may think. Imperva’s 2022 Bad Bot Report reveals that 53.9 percent of traffic to gaming and gambling websites comes from bad bots. With the...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/05/24 1:34 p.m.19 views

How to Develop Machine Learning Skills for Every Employee in Your Company

Everyone loves Artificial Intelligence AI and Data Science DS, and it’s probably not going to change for the next decade or so. Even so, most people only have the general idea what data science is and what machine learning or AI algorithms can do. This is quite normal and a common phenomenon for...

7.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/04/28 12:48 p.m.19 views

API Security is Necessary to Stop Threats that WAFs and Bot Protection Cannot

Today, there are still API security threats that most WAFs and Advanced Bot Protection solutions cannot manage. In this post, we’ll explain these new types of threats and make some recommendations for features you need within solutions to protect your APIs. When a bad actor makes a completely val...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/02/16 11:47 a.m.19 views

Imperva Mitigates Massive Bot Attack of 400 Million Requests

Imperva Advanced Bot Protection detected and stopped the largest bot attack in Imperva history. The web scraping attack targeted a global job listing site with operations in six countries. The attacker used a large-scale botnet, generating no less than 400 million bot requests from nearly 400,000...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/01/11 2:26 p.m.19 views

What to Include in a Cybersecurity Disaster Recovery Plan

If the unthinkable were to happen to your business, what’s your disaster recovery plan? If bad actors were to inject ransomware into your system, what’s your process for a return to normal working? Google the words “What do I do if I have a cybersecurity breach” and the first twenty results will...

Exploits0
Imperva Blog
Imperva Blog
added 2021/12/16 7:8 p.m.19 views

Ransom DDoS Enters its Fourth Wave

Extortionists target industries with most to lose from an outage Cybercriminals continue to target organizations threatening Denial of Service DDoS attacks in exchange for a ransom payment, traditionally demanded in bitcoin BTC. And it seems that no matter how many times these ransom threat cycle...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/10/21 2:2 p.m.19 views

The FP Paradox on the battlefield against COVID-19 and cyber threats

Lets consider for a moment the “next” communicable virus. You show no symptoms but you try a home testing kit anyway, expecting the result to be negative. To your great surprise, the result is positive! The information enclosed in the testing kit package explained that the test results are nearly...

6.7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/10/13 5:19 p.m.19 views

The ad blocker that injects ads

Deceptive ad injection is a growing concern on the internet today, affecting many people browsing the web. And while the concept isn’t new Google stated it was the most common complaint amongst Chrome users back in 2015, just like with other online threats, bad actors are constantly refining thei...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/09/16 1:27 p.m.19 views

A security architect’s POV on a mature data-centric security program, Part 1

In this three-part series, you’ll hear first-hand from security architects on the front lines about what it takes to move organizations from a compliance-centric to a mature data-centric database security model. You’ll gain insight into the challenges associated with retaining, accessing and...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2021/06/30 2:6 p.m.19 views

Mitigating attacks in serverless environments

Serverless computing has become the fastest-growing segment in the cloud services market. The benefits are clear and significant: cost savings and lower operational overhead, giving development teams full control over code and flexibility in the infrastructure. This also means that, in terms of...

0.2AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/09/15 2:28 p.m.19 views

When The Going Gets Tough – R&D Calls With Customers – Doing It Right!

Several years ago, I joined the development team of a new product within Imperva. I discovered that direct interaction between us developers and our customers was much more frequent than on more mature products - customer calls are an invaluable tool when developing from scratch. However, these...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2020/08/25 1:30 p.m.19 views

WAF and RASP: Best Practice for Defense in Depth

Why do you need a RASP solution if WAFs layer of defense is so powerful? The simple answer is that no single security product can provide protection for all threat vectors. A comprehensive IT security strategy includes risk-appropriate controls implemented where they can provide maximum efficacy,...

8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2018/07/11 9:36 p.m.19 views

The Trickster Hackers – Backdoor Obfuscation and Evasion Techniques

A backdoor is a method for bypassing the normal authentication or encryption of a system. Sometimes developers construct backdoors to their own programs for various reasons. For example, to provide easy maintenance, developers introduce a backdoor that enables them to restore the manufacturer’s...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/10/25 3:30 p.m.19 views

Detecting Data Breaches: Why Understanding Database Types Matters

Different data characteristics and access patterns found in different database systems lead to different ways of detecting suspicious data access, which are indicators of potential data breaches. To accurately detect data access abuse we need to classify the database processing type. Is it a...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/04/11 3:30 p.m.19 views

Hot on the Credential Theft Trail: Tracking a Hacker from a Dropbox Phishing Campaign

We the Imperva Defense Center research team frequently investigate cases of credential theft to gain a deeper understanding of methods and tools used by cyber criminals—in particular, to learn how accounts are taken over once credentials are compromised through phishing campaigns. We recently cho...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2017/03/14 4:7 p.m.19 views

GDPR Series, Part 4: The Penalties for Non-Compliance

In the first three parts of this series, we covered the GDPR basics: who is subject to the GDPR requirements, what rules require data protection technology, and how you can start preparing your organization for the regulation. In this final installment, we will cover what happens when you are not...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/08/27 5:19 p.m.18 views

Critical Flaws in Base44 Exposed Sensitive Data and Allowed Account Takeovers

Our research uncovered multiple critical vulnerabilities in Base44, an AI-powered platform that lets you turn any idea into a fully functional custom app. These flaws ranged from an open redirect that leaked access tokens, to stored cross-site scripting XSS, insecure authentication design,...

9.3CVSS6.6AI score0.00709EPSS
Exploits3
Imperva Blog
Imperva Blog
added 2024/10/09 9:5 p.m.18 views

Imperva Adaptive Threshold for Layer 7 DDoS Attacks Reduces Risk of Business Disruption

Today’s fast-paced digital landscape demands an optimized user experience that is always available to engage end users. However, businesses are constantly under threat from a variety of attacks that seek to disrupt that experience, including DDoS attacks. And the risk is growing. According to the...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/07/10 3:52 a.m.18 views

Lessons Learned From Exposing Unusual XSS Vulnerabilities

Misunderstood browser APIs are often at the core of many web security issues. With the rapid expansion of web APIs, keeping up with security best practices can be challenging. In this post, we’ll explore a few common mistakes developers make that lead to modern XSS Cross-Site Scripting...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/04/02 12:0 p.m.18 views

Compromising Bank Customer Trust: The Price of Inadequate Data Protection

Banks hold not just money, but also emotions and aspirations. Countless stories unfold within bank walls, reflecting the intimate connection between money and emotion. Beyond the numbers and transactions, every dollar represents individuals’ hopes, dreams, and livelihoods. As the trusted custodia...

7.5AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/02/13 3:47 p.m.18 views

Python’s Colorama Typosquatting Meets ‘Fade Stealer’ Malware

As our hunt against malicious Python packages continues, Imperva Threat Research recently discovered an attempt to masquerade Fade Stealer malware as a nondescript package, Colorama. Why Colorama? Colorama is a package used by developers to add color and style to their text in terminal outputs...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2024/02/12 6:38 p.m.18 views

Do Any HTTP Clients Not Support SNI?

In this blog post, we’ll share the results of an internal research project we conducted on our CDN customers focused on websites that are getting non-Server Name Indication SNI traffic. The goal of our research was to answer the following questions: How much non-SNI traffic is seen? What is the...

6.8AI score
Exploits0
Imperva Blog
Imperva Blog
added 2023/12/05 7:50 p.m.18 views

Imperva Named an Overall Leader in the KuppingerCole Leadership Compass: API Security and Management Report

Imperva named an Overall Leader Were thrilled to share that Imperva has achieved the prestigious status of Overall Leader in the KuppingerCole Leadership Compass: API Security and Management report. Our Leadership excels across the sub-categories of Product, Innovation, and Market Leadership and ...

7.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/12/16 4:42 p.m.19 views

The World Cup: Prime Time for Sports Fans and Cybercriminals

From November 20 to December 18, fans from all over the world are tuned into the World Cup tournament in Qatar. While this is a major event for sports fans, it’s also prime time for bad actors. Large sporting events lead to increased levels of activity across sports and gambling sites, along with...

7.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/08/01 1:23 p.m.18 views

What is Dark Data, and how can we find it?

What is “dark data”? The term “dark data” refers to “any information assets that organizations collect, process, and store during regular business activities but generally fail to use for other purposes” Gartner. Often retained for compliance reasons, this data can also include past employee...

0.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/07/28 1:39 p.m.18 views

How Organizations Manage to Understand Millions of Unstructured Data Files at Scale

For an ever-growing segment of organizations, making sense of unstructured data is fast becoming imperative. It is also far more challenging. Unlike structured data that’s stored in rows and columns, text-based, and easy to search in relational databases and data warehouses, there is no defined...

1.3AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/07/25 1:38 p.m.18 views

Four Main Reasons Shoppers Abandon eCommerce Carts

More than just window shopping eCommerce shopping cart abandonment causes brands a sobering USD 18 Billion in annual revenue Forrester Research. While rates differ by device, with mobile and tablet device users most likely to leave before completing their order, nearly 70 percent of shoppers dese...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/06/10 1:2 p.m.18 views

How CISOs can Find and Retain Security Staff During the Great Resignation

The rising demand for cybersecurity professionals As if the skill shortfall in cybersecurity wasn’t bad enough, the employment landscape is shifting rapidly. This shift is due, in part, to historically low unemployment claims, unrivaled quit rates, and swathes of baby boomers and older Gen X...

7AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/05/18 12:41 p.m.18 views

Evasive Bots Drive Online Fraud – 2022 Imperva Bad Bot Report

The 2022 Imperva Bad Bot Report is now available. The report is the ninth annual in-depth analysis of bot traffic, created with data collected from Impervas global network throughout the past year by the Imperva Threat Research Team. Bad bots are software applications that run automated tasks wit...

0.4AI score
Exploits0
Imperva Blog
Imperva Blog
added 2022/04/14 11:6 a.m.18 views

APIs Are Here to Stay, so Get in Front of Securing Them

A recent IDC survey reported that 38 percent of organizations identified cybersecurity threats and regulations as the factor having the greatest impact on their technology investment planning over the next two years. The survey also revealed that for organizations taking a digital-first business...

7.5AI score
Exploits0
Total number of security vulnerabilities1025