Blog|Login|中文Deutsche日本語
December 18, 2013
 Website Traffic is Tipping in Favor of Automated Clients
Incapsula, Imperva’s subsidiary focused on cloud-based application security, just released its annual Bot Traffic Report for 2013 that analyzed 1.45 Billion visits over a 90 day period; concluding that automated web traffic is on the...

Read More »

 

December 11, 2013
 HII: Assessing the threat landscape of DBaaS
Over past few years we’ve seen an ever-growing tide of data breaches with reports of new breaches coming out almost every day. Having said that, there are still very few published details on how actual...

Read More »

 

November 27, 2013
 1.2M Loyaltybuild Customers' Data Breached - Why?
Last week Ireland’s Office of the Data Protection Commissioner (ODPC) reported that loyalty marketing company, Loyaltybuild had been hit with a major data breach. The breach, affecting at least 1.2 million customers, resulted in loss...

Read More »

 

November 18, 2013
 Threat Advisory: A JBoss AS Exploit, Web Shell code Injection.
JBoss Application Server (or JBoss AS) is an open-source Java EE-based application server. JBoss AS was developed by JBoss, now a division of Red Hat. On late 2012, JBoss AS was named as WildFly. Recently,...

Read More »

 

November 14, 2013
 A Look Into The MongoHQ Breach – Protect Your (Big) Data
A recent security breach in MongoHQ (a MongoDB cloud services provider) left the company working hard to patch up security holes. Unfortunately common, this breach was only detected when one of MongoHQ’s customers (Buffer) realized...

Read More »

 

November 07, 2013
 Incapsula Pen-Test – Part Deux!
In 2013, we have been fortunate enough to receive a lot of positive attention for Incapsula product line. In addition major news coverage garnered by stopping one of the internet’s largest unamplified DDoS attacks, and...

Read More »

 

November 05, 2013
 The rise and rise of ColdFusion-driven breaches
Yesterday, Brian Krebs wrote an article on how several high end car/limousine service companies were breached and customer information was stolen. This resonated very strongly since some of the victims were celebrities, lawmakers and top...

Read More »

 

October 08, 2013
 Threat Advisory: A vBulletin Exploit, Administrator Injection.
vBulletin is a popular proprietary CMS (content management system) that was recently reported to be vulnerable to an unspecified attack vector. vBulletin is currently positioned 4th in the list of installed CMS sites on the...

Read More »

 

October 04, 2013
 Score sheet: Testing Some XSS Evasion Techniques Against Our WAF
A couple of months ago ModSecurity (SpiderLabs) issued an “XSS Evasion Challenge” where they actively asked security experts and hackers to try and bypass their own XSS filters. This is a blessed initiative by a...

Read More »

 

October 01, 2013
 Trend Watch – DDoS: “We Need a Bigger Boat”
It’s no news that DDoS attacks are growing in frequency and scale. Earlier this year Spamhouse suffered from what security experts have cited as “the largest DDoS attack ever,” peaking at 300+ Gbps. The story...

Read More »

 

 

Find Us Online
RSS Feed - Subscribe Twitter Facebook iTunes LinkedIn YouTube
Authors
Monthly Archives
Email Subscription
Sign up here to receive our blog: