A range of application security tools was developed to support the efforts to secure the enterprise from the threat posed by insecure applications. But in the ever-changing landscape of application security, how does an organization choose the right set of tools to mitigate the risks their applications pose to their environment? Equally important, how, when, and by whom are these tools used most effectively?
Akamaiís Threat Research team analyzed a week of cross-site scripting (xss) alert triggers to gain clarity on the nature of xss attacks. Read this case study to learn which vectors are vulnerable and specific techniques that were employed during remote resource injection exploitation attempts versus simple probing requests.
This paper touches upon the following topics:
-Critical vulnerabilities are on the decline, but still pose a significant threat
-Mature technologies introduce continued risk
-Mobile platforms represent a major growth area for vulnerabilities
-Web applications remain a substantial source of vulnerabilities
-Cross-site scripting remains a major threat to organizations and users
-Effective mitigation for cross-frame scripting remains noticeably absent
Published By: AlienVault
Published Date: Oct 21, 2014
Two of the oldest and most common attacks used against web applications, SQL injection attacks and cross-site scripting attacks (XSS), continue to impact thousands of websites and millions of users each year. Finding these exposures quickly is essential in order to prevent system compromise and avoid information leakage. SIEM solutions can be invaluable in this effort by collecting and correlating the data you need to identify patterns that signal an attack.
DigiCert implemented Imperva to protect their hybrid environment. They
were already using Impervaís WAF on-premises to defend against Layer 7
attacks, known threats, and zero-day attacks to rapidly identify the threats
that required investigation. By expanding their usage of Imperva, DigiCert
was able to extend protection to AWS and maintain their security posture
both during and after migration.
Impervaís sophisticated threat detection technology draws upon vast
experience in the WAF market. As traffic passes through their network,
advanced client classification technology (together with crowdsourcing
and IP reputation data) automatically analyzes it to identify and block web
application attacks. These include SQL injection, cross-site scripting, illegal
resource access, comment spam, site scraping, malicious bots, and other
top threats. Granular filters and controls reduce false positives and prevent
access from unwanted visitors, while IP address shielding hides the web
As the use of mobile devices exponentially expands, so too does security threats to the increasing number of mobile applications that companies rely on. As a result, companies struggle to keep pace with mobile application security and face the risk of embarrassing and costly data breaches.
In this technical session, youíll learn how Worklight Application Scanning helps you deliver applications that arenít susceptible to the most common types of malware, including SQL Injection and Cross-Site Scripting. In addition, youíll learn how this powerful tool helps address the OWASP Top 10 Mobile Risks for 2014.
Credit Union Times is the nation's leading independent source for breaking news and analysis for credit union leaders. For more than 20 years, Credit Union Times has set the standard for editorial excellence and ethical, straight-forward reporting.