The State of Vulnerabilities in 2019
As a web application firewall provider, part of our job at Imperva is to continually monitor for new security vulnerabilities. To do this, we use internal software that collects information from various data sources such as vulnerability databases, newsletters, forums, social media and more, integrating it into a single repository, ... Read More
How to Maximize Your WAF
Whenever new WAF clients are brought aboard, there’s a procedure they must follow in order to properly configure their servers to work behind the WAF protection. You can find an example of the Imperva Cloud WAF onboarding procedure here. Sometimes, however, customers can miss important procedures leaving them exposed, and ... Read More
Tracking CVE-2019-11043 PHP Vulnerability – An Uncommon Chain of Events
On October 22, security researcher Omar Ganiev published a tweet regarding remote code execution vulnerability in PHP-FPM (the FastCGI Process Manager) running on the Nginx server. The tweet includes a link to a GitHub repository with an explanation of the vulnerability and a PoC (proof-of-concept) for its exploitation. Vulnerable PHP ... Read More
Headless Chrome: DevOps Love It, So Do Hackers, Here’s Why
Google Chrome is the most popular web browser and has been so for almost a decade. Each new version of Chrome brings new usability, security and performance features. This article focuses on the “headless mode” feature that Google released more than a year ago; and, since day one has become ... Read More
Sonification of DDoS Attacks: Netflow Melodies and a Tomato Panic Button
Vegetables, DDoS attacks, and soundwaves... no, really ... Read More