October 15, 2014

Google researchers recently uncovered a security bug (CVE-2014-3566) that they say could allow hackers to steal data. This vulnerability is a Man-In-The-Middle (MITM) attack which means a client-to-server session is being hijacked and then used...Read More
Share:
Share on LinkedIn
  • Tags:
  • Permalink
  • Comments (0)

October 09, 2014

Today, we are proud to release the 5th installment of our annual Web Application Attack Report. For those of you new to this report, Imperva’s Web Application Attack Report (WAAR) is a thorough analysis of...Read More
Share:
Share on LinkedIn
  • Tags:
  • Permalink
  • Comments (0)

October 02, 2014

Following my previous post on SSJI (Server Side JavaScript Injection), I received many questions requesting more details and techniques on how applications that use a big data back end may be vulnerable and If I...Read More
Share:
Share on LinkedIn
  • Tags:
  • Permalink
  • Comments (0)

September 30, 2014

Today, NSS Labs published one of its Comparative Analysis Reports on Web Application Firewalls. The publishing of this report will likely prompt glowing press releases from other vendors, each one citing the “security effectiveness” and...Read More
Share:
Share on LinkedIn
  • Tags:
  • Permalink
  • Comments (0)
Last month I wrote two articles about opportunity cost. But recently I got to thinking about an opportunity some long time Imperva customers are missing. In short, it’s turning on Community Defense, the crowdsourced threat...Read More
Share:
Share on LinkedIn
  • Tags:
  • Permalink
  • Comments (0)

September 25, 2014

A new, widespread internet vulnerability has been found. Dubbed “Shellshock,” it affects Linux servers using GNU Bash, which is in very widespread use. The vulnerability allows injection of arbitrary commands at higher privilege (i.e. privilege...Read More
Share:
Share on LinkedIn
  • Tags:
  • Permalink
  • Comments (0)