Web Application Firewall | Breaking Cybersecurity News | The Hacker News

Estonian based web security startup WebARX, the company who is also behind open-source plugin vulnerability scanner WPBullet and soon-to-be-released bug bounty platform plugbounty.com , has a big vision for a safer web. It built a defensive core for websites which is embedded deep inside the company's DNA as even ARX in their name refers to the citadel (the core fortified area of a town or city) in Latin. WebARX—web application security platform—allows web developers and digital agencies to get advanced website security integrated with every site and makes it more effective and less time-consuming to manage security across multiple websites. You can find reviews such as "WebARX - the Swiss army knife that secures my websites!", "The security software that I use every day," "Many Promise - WebARX Delivers" from their Trustpilot page, so where is all that coming from? Serious Team With A Unique Focus WebARX is solving a very specific probl...

Imperva, one of the leading cybersecurity startups that helps businesses protect critical data and applications from cyberattacks, has suffered a data breach that has exposed sensitive information for some of its customers, the company revealed today. The security breach particularly affects customers of Imperva's Cloud Web Application Firewall (WAF) product, formerly known as Incapsula , a security-focused CDN service known for its DDoS mitigation and web application security features that protect websites from malicious activities. In a blog post published today, Imperva CEO Chris Hylen revealed that the company learned about the incident on August 20, 2019, only after someone informed it about the data exposure that "impacts a subset of customers of its Cloud WAF product who had accounts through September 15, 2017." The exposed data includes email addresses and hashed and salted passwords for all Cloud WAF customers who registered before 15th September 2017...

WAF (Web Application Firewall) has been the first line of defence when it comes to application security for a while now. Many organizations have adopted WAF in one form or the other and most cases, compliance has been the driver for adoption. But unfortunately, when it comes to the efficacy of WAF in thwarting attacks, it has not lived up to the expectations. In most organizations, WAF has always remained in log mode with a little process to monitor and react, rendering the solution ineffective. The major challenge with effective deployment of WAF is: Applications are unique, and there is no silver bullet set of rules that will protect them all, Most WAF's do not try to understand the risk profile of the application; they end up providing common out of box vanilla rules that seldom works. Each application has its own intricacies and the out of the box rules that many WAF vendors provide create a lot of FPs (False Positives) or FNs (False Negatives), For proper implement...

Data loss and theft continues to rise, and hardly a day goes by without significant data breaches hit the headlines. In January 2019 alone, 1.76 billion records were leaked, and according to IBM's Data Breach study, the average cost of each lost or stolen record has reached about $148. Most of these data leaks are because of malicious attacks, where exploitation of web application vulnerabilities is one of the most common cyber attack vectors. An application security breach is a problem facing one and all, and no matter what's the size of your company, your web applications are prone to cyber attacks. Hackers breach sites for a variety of reasons—some do it for fame, some to get competitive information, whereas some do it just for financial gains. No matter what the reason is, the cost of a security breach is always higher than the cost of protection, leading to loss of data, substantial financial losses, and most importantly, loss of customers' trust. If you a...

One of the most important software companies NGINX , which is also behind the very popular open-source web server of the same name, is being acquired by its rival, F5 Networks , in a deal valued at about $670 million. While NGINX is not a name that you have ever heard of, the reality is that you use NGINX every day when you post a photo, watch streaming video, purchase goods online, or log into your applications at work. NGINX powers over half of the busiest websites in the world. Majority of sites on the Internet today, including The Hacker News, and hundreds of thousands apps, like Instagram, Pinterest, Netflix, and Airbnb are hosted on web servers running NGINX. NGINX web server is the third most widely used servers in the world—behind only Microsoft and Apache, and ahead of Google. In short, the internet as we know it today would not exist without NGINX. F5 Acquires NGINX to Bridge NetOps and DevOps F5 Networks is the industry leader in cloud and security application...

It's been close to five years since we last looked at Incapsula , a security-focused CDN service known for its DDoS mitigation and web application security features. As one would expect, during these five years the company has expanded and improved, introducing lots of new features and even several new products. Most recently, Incapsula underwent an extensive network expansion that includes new PoPs in Asia including two new data centers in New Delhi and Mumbai. This seems like an excellent opportunity to revisit the service and see how it has evolved. Acquisition, Award and Growth Before we jump into Incapsula's service upgrades, we want to mention the changes in the company itself briefly. The most notable of those is Incapsula’s 2014 acquisition by Imperva—an authority in web application security and a four-time Gartner Magic Quadrant leader for web application firewalls. The acquisition boosted Incapsula’s security capabilities, resulting in its own cloud...

WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as ‘ localhost ’ on October 3rd, 2013 and also reported by several users on various Hosting related Forums . He also released a  proof-of-concept exploit code  for this SQL injection vulnerability in WHMCS. WHMCS says , as the updates have “ critical security impacts .”, enables attackers to execute SQL injection attacks against WHMCS deployments in order to extract or modify sensitive information from their databases i.e. Including information about existing accounts, their hashed passwords, which can result in the compromise of the administrator account. Yesterday a group of Palestinian hackers , named as KDMS Team  possibly used the same vulnerability against...