8 posts from September 2014

September 30, 2014

Today, NSS Labs published one of its Comparative Analysis Reports on Web Application Firewalls. The publishing of this report will likely prompt glowing press releases from other vendors, each one citing the “security effectiveness” and...

Last month I wrote two articles about opportunity cost. But recently I got to thinking about an opportunity some long time Imperva customers are missing. In short, it’s turning on Community Defense, the crowdsourced threat...

September 25, 2014

A new, widespread internet vulnerability has been found. Dubbed “Shellshock,” it affects Linux servers using GNU Bash, which is in very widespread use. The vulnerability allows injection of arbitrary commands at higher privilege (i.e. privilege...

September 24, 2014

Mike Rothman wrote about the post facto analysis game on the Securosis blog today (“Hindsight FTW”). And I think he got it right. In a nutshell, it’s easy to say now that Home Depot should...

Websites that contain personal information of users, such as login details and other data, are frequently targeted by hackers. Personal data is highly valuable in the black market for fraud purposes, theft, and other nefarious...

September 22, 2014

Late last week, there was an article in the Huff Post titled “The Big Lie Behind the Biggest Data Breaches” that prompted a great back-and-forth discussion Inside Imperva. The issue under debate is: Do companies...

September 04, 2014

Big Data Server Side JavaScript Injection

In Part #2 of this blog series, Mark Kraynak covered some of the application security risks that reside in Big Data implementations, and in follow-up, I’d like to address...

September 03, 2014

There’s a common--but dangerous--misconception out there that applications are secure when backed by Big Data technologies such as NoSQL databases. Wrong! Big data does not equal security. That’s why we’ve started blogging on the topic,...