In this presentation, Imperva's CTO Amichai Shulman goes over incidents of accidental data leakage through search engines, Google Hacking threats and mitigation techniques, an overview of Google worms and related incidents, search engines used as a means of distributing malware, site masking threats and mitigation techniques, the “Search of Death” threat, and tools and best practices for protection against the various threats.
Presented at: OWASP Europe 2008
In this presentation, Ms. Noa Bar-Yosef, Security Research Engineer at Imperva, describes what Web 2.0 is, the key risks and challenges associated with Web 2.0, and mitigation techniques and practical approaches for protecting against vulnerabilities exposed through usage of Web 2.0 technologies.
Presented at: InfoSec Canada 2008
In this presentation, Imperva's CTO Amichai Shulman arms you with knowledge of JavaScript Hijacking and CSRF application attacks, how to detect and mitigate these attacks using code-based and gateway solutions, and how a gateway-based solution can provide automated protection against fraud attempts to exploit JS-Hijacking and CSRF-based vulnerabilities.
Presented at: OWASP USA 2007
In this presentation, Imperva's CTO Amichai Shulman relates a history of the database threat environment, walks through database vulnerabilities, and presents mitigation techniques for addressing database threats and vulnerabilities.
Presented at: BlackHat USA 2007
In this presentation, Imperva's CTO Amichai Shulman explains the key drivers for database security, the top 10 database security threats, and suggested mitigation techniques. He ends by illustrating a “new approach” to database security: the database monitoring and security gateway solution, a unified solution for protecting both the data and the database.
Presented at: RSA Europe 2006, Sybase Techwave 2006, and RSA Japan 2007
In this presentation, Imperva's CTO Amichai Shulman describes why hackers are motivated to launch database attacks, tools and techniques used to launch attacks, and methods for preventing attacks, including a database security gateway as a solution.
Presented at: InfoSec UK 2006, InfoSec USA 2007
In this presentation, Imperva's CTO Amichai Shulman provides insight into what phishing is, types of phishing attacks, commonly proposed solutions for mitigating phishing attacks, advanced phishing techniques with Cross Site Scripting and Script Injection, and various defenses against phishing.
Presented at: RSA USA 2006
In this presentation, Imperva's CTO Amichai Shulman describes what SQL injection is, why it is one of the biggest threats to Web applications, several common protection mechanisms against SQL injection, and why these mechanisms fail to solve the SQL injection problem. The attack techniques presented are based on research from Imperva's Application Defense Center.
Presented at: RSA Europe 2005
In this presentation, Imperva's CTO Amichai Shulman explains the current landscape of database security, the pitfalls of existing database protection approaches, client-based attack classification as a method for classifying the various types of users accessing the database, and considerations for building effective and efficient countermeasures.
Presented at: RSA USA 2005
HTTP Verb Tampering is an attack that exploits vulnerabilities in HTTP verb (also known as HTTP method) authentication and access control mechanisms. Many authentication mechanisms only limit access to the most common HTTP methods, thus allowing unauthorized access to restricted resources using other HTTP methods. For example, many Web applications enforce GET and POST access controls, but ignore other HTTP methods such as HEAD. HTTP Verb Tampering enables malicious users to bypass security controls to access or manipulate restricted resources.