CVSS chart

The State of Vulnerabilities in 2019

As a web application firewall provider, part of our job at Imperva is to continually monitor for new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newsletters, forums, social media and more, integrating it into a single repository, ... Read More
waf blog diagram

How to Maximize Your WAF

| | Labs
Whenever new WAF clients are brought aboard, there’s a procedure they must follow in order to properly configure their servers to work behind the WAF protection. You can find an example of the Imperva Cloud WAF onboarding procedure here. Sometimes, however, customers can miss important procedures leaving them exposed, and ... Read More

Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events

| | Labs
On October 22, security researcher Omar Ganiev published a tweet regarding remote code execution vulnerability in PHP-FPM (the FastCGI Process Manager) running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC (proof-of-concept) for its exploitation. Vulnerable PHP ... Read More
Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why

Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why

Google Chrome is the most popular web browser and has been so for almost a decade. Each new version of Chrome brings new usability, security and performance features. This article focuses on the “headless mode” feature that Google released more than a year ago; and, since day one has become ... Read More