13 posts from May 2008

May 30, 2008

Yesterday, I stepped into Amichai's shoes, delivering the Application Defense Center's "top security trends" webinar with Carahsoft, one of Imperva's partners. (The original ADC recording is available here). One of the top trends (#7) is...

We've been following up on different incidents where sensitive information appearing in websites is accessible without any adequate protection measures, leaving the data vulnerable to different security threats such as Google Hacking. And yet, the...

May 29, 2008

Remember that old PCI DSS 6.6 dilemma - the one in which everyone and every company had a say - whether to perform a Code Review or deploy a Web Application Firewall (WAF)? Not only...

May 28, 2008

During our recent Customer Advisory Board, one of the members (using WAF in production, now in the process of adding Database Security Gateways) mentioned that his organization was looking into Security Development Life Cycle (SDLC)...

Earlier this month a new social network entered the scene, named "House of Hackers". I'm interested to see how this network will evolve. As of writing these lines, more than 2200 members have signed up!...

May 27, 2008

We read and re-read the news: a massive Web attack, performed via SQL Injection which inserts hidden iframes which in turn refer to compromised sites which eventually download malware. It happened back in January, then...

May 23, 2008

For some time I wanted to blog about the need to protect enterprise applications. You might think that it's obvious but most organizations are still behind when it comes to enterprise application protection. Wednesday, Imperva...

May 22, 2008

I am not sure that it can be called a phenomenon yet, but recently we are witnessing a growing number of breaches that are either detected after a very long time or it takes a...

May 15, 2008

Recently, a rare bug in a SCADA system by Invensys was disclosed - one which if exploited could cause a remote Denial of Service on the system. As these systems are deployed in power plants,...

May 13, 2008

On May 18 security researchers will gather at the IEEE Symposium on Security and Privacy. One of the papers to be represented is "Automatic Patch-Based Exploit Generation is Possible: Techniques and Implications" by David Brumley,...