23 posts from October 2011

October 31, 2011

Part I is here. Part II is here. Part III is here. Solution #4: Encryption Considered by many to be the silver bullet to any security problem, encryption does very little to mitigate the insider...Read More
Share:
Share on LinkedIn

October 28, 2011

Amichai Shulman, Imperva CTO From today's news, it seems China may have hacked US satellites. I think that for years the basic information security assumption by military and government agencies was that they keep their...Read More
Share:
Share on LinkedIn
  • Authors:
  • Permalink
  • Comments (0)
Part I is here. Part II is here. Solution #3: Built-in Access Controls Access controls attempt to solve the problem of individuals accessing the data store when they do not have permissions to do so....Read More
Share:
Share on LinkedIn
  • Authors:
  • Permalink
  • Comments (0)

October 27, 2011

Yesterday, we did a big webinar on SQL injection. In our webinar, we detailed the current hacker process for performing SQL injections and, more importantly, how to prevent them. Ironically, the Register reports that Sweden...Read More
Share:
Share on LinkedIn
  • Authors:
  • Permalink
  • Comments (0)
Part I is here. Solution #2: Built-in Audit Trail and Internal Trace Built-in audit mechanisms provide logs which can (presumably) pinpoint what proper or improper activity was performed on the database and its contents. Once...Read More
Share:
Share on LinkedIn

October 26, 2011

We’ve blogged on the insider threat issue and outlined how to profile potential problems. We saw what information was mainly being targeted and we even raised a few indicative signs of wrong-doing. Before we start...Read More
Share:
Share on LinkedIn

October 24, 2011

Recently, we blogged on the value of credit cards on the black market. This site showed the value of credit cards for sale online. However, there's another site (which we won't promote) that also lists...Read More
Share:
Share on LinkedIn
  • Authors:
  • Permalink
  • Comments (0)

October 21, 2011

Imperva CTO Amichai Shulman I read the NYT article citing the deliberations the US government went through regarding a cyber attack on Libya. There’s an interesting historical example and precedent. In 1982, Israel launched a...Read More
Share:
Share on LinkedIn
  • Authors:
  • Permalink
  • Comments (0)

October 19, 2011

Great study (reg required) from PWC on the readiness and status of American health providers ability to properly manage the process of converting physical records into electronic ones. Since most of you don’t have time...Read More
Share:
Share on LinkedIn
  • Authors:
  • Permalink
  • Comments (0)
Imperva's Tomer Biton examines a new mass script injection attack targets ASP ASP.NET websites. As usual, this is a major technical dissection. First, by searching the javascripts payload names in Google we can see the...Read More
Share:
Share on LinkedIn
  • Authors:
  • Permalink
  • Comments (0)