Videos

Blocking Malicious Attacks Using SQL Injection Signature Evasion

This video demonstration is focused on a more advanced SQL Injection technique called "signature evasion." As the name implies, these techniques allow SQL Injection attacks to be conducted while avoiding detection by security controls that rely on signatures.

Tags: Attack Method, SQL Injection, Signature Evasion, Web Application Security, Database Security

Database Security Demo

Want to know how Imperva can help organizations assess, audit, and protect their most critical assets? This video provides a high-level overview of Imperva's database security products and describes how the market-leading products address each step in the data security and compliance life cycle.

Tags: Database Monitoring, DAM, Database Firewall, Database Security, SecureSphere, Product Tour

Detecting XSS Scripting (Cross-Site Scripting)

This video should be viewed following the Script Injection video demonstration. Cross-site scripting ('XSS' or 'CSS') is an attack that takes advantage of a Web site vulnerability in which the site displays content that includes unsanitized user-provided data. For example, an attacker might place a hyperlink with an embedded malicious script into an online discussion forum. The purpose of the malicious script is to attack other forum users who happen to select the hyperlink. For example, it could copy user cookies and then send those cookies to the attacker.

Tags: Attack Method, XSS, Cross-site scripting, CSS, Web Application Security, Database Security

Direct Database Access SQL Injection (Database Hacking)

SQL injection is usually a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application. In this example, the database is attacked directly by a non-privileged user through direct interaction with the database - not through a Web application.

Tags: Attack Method, Direct Database Access SQL Injection, SQL Injection, Web Application Security, Database Security

File Security Demo

Learn how SecureSphere File Activity Monitoring addresses file auditing, security, and user rights management requirements. This five-minute video explains how Imperva SecureSphere solves critical security, compliance, and IT operations challenges by monitoring file activity, finding data owners, and controlling permissions to sensitive files.

Tags: File Security, FAM, File Activity Monitoring, File Auditing, Compliance

Identifying & Blocking Blindfolded SQL Injection

This video demonstration is focused on a more advanced SQL Injection technique called "Blindfolded SQL Injection." These techniques are useful when attacking a system that doesn't display robust error messages. Note that error messages are helpful to attackers in SQL Injection attacks because they can reveal valuable information about the target.

Tags: Attack Method, SQL Injection, Blindfolded SQL Injection, Web Application Security, Database Security

Identifying Database Privilege Abuse by Malicious Insiders

This example of database privilege abuse relates to direct database attacks without Web applications. A malicious insider can decompile a fat desktop Java client to glean credential information allowing him to directly access the database with elevated privileges. Using the application's credentials for database access, not his own, he could operate with the privileges granted to the Java application.

Tags: Attack Method, Insider Threats, Privilege Abuse, Web Application Security, Database Security

Imperva Incapsula Introduction

Imperva Incapsula (previously called Cloud WAF) is an easy and affordable Web Application Firewall service in the cloud that addresses PCI 6.6, and keeps hackers out while making websites faster. Imperva security experts provide continuous monitoring, policy tuning, and immediate incident response. Leveraging a software-as-a-service (SaaS) delivery model, this short video illustrates how Imperva Cloud WAF provides businesses with the highest level of Web site security without requiring a large resource investment.

Tags: Incapsula, SaaS, Cloud Security Service, Cloud-Based Security, Web Site Security, Web Application Security, PCI

Imperva's File Security Product: Overview

On July 13th 2010, Imperva released an addition to SecureSphere: file activity monitoring. This clip provides an overview of market drivers as well as a short demo of the product.

Tags: File Security, File Activity Monitoring, Insider Threat, FAM

Insights on WikiLeaks from the leader in Data Security

WikiLeaks has rocked government and diplomatic circles, but it's a wake-up call for businesses as well. Join Amichai Shulman, Imperva CTO and head of the Application Defense Center, as he cuts through the WikiLeaks clutter to help organizations bolster their overall data security.

Tags: WikiLeaks, Data Security, File Security, File Activity Monitoring, Insider Threat, FAM

Mitigating Client Side Database Protocol Attacks

This video demonstration illustrates methods for attacking databases by leveraging a client-side application as well as vulnerabilities within the database protocol. This example addresses Oracle 10i. Using a hex or text editor, it is possible to modify the SQL login stream on the client side in a way that takes advantage of the Oracle Database User running as DBA. By compromising the process with an attack such as a buffer overflow, an attacker can perform an injection of code causing anything from a denial of service attack to data modification on the Oracle server-side database.

Tags: Attack Method, Web Application Security, Database Security

Recognizing Web Application Parameter Tampering

This video demonstration explores ways an attacker can modify parameters within a Web application. Parameter tampering is a simple attack targeting the application business logic. This attack takes advantage of the fact that many programmers rely on hidden or fixed fields (such as a hidden tag in a form or a parameter in a URL) as the only security measure for certain operations. Attackers can easily modify these parameters to bypass the security mechanisms that rely on them.

Tags: Attack Method, Parameter Tampering, Web Application Security, Database Security

SecureSphere Interactive Audit Analytics

SecureSphere Interactive Audit Analytics provides a fast, reliable way to view audit data and understand database activities. Using various audit views, it supports analysis and correlation of security events with just a few clicks of a mouse.

Tags: Audit, Database Security, Database Activity Monitoring, DAM, Interactive Audit Analysis, Technical Video, SecureSphere

SecureSphere Web Application Firewall - Vulnerability Assessment Integration

This video demonstrates how the Imperva SecureSphere Web Application Firewall integrates with application vulnerability scanners. Watch this video to find out how SecureSphere creates policies and detects and blocks attacks based on vulnerability assessment results.

Tags: Web Application Firewall, WAF, Web Application Security, Technical Video, SecureSphere, Vulnerability Assessment

Session Hijacking - Bypassing Web Application Security

Session hijacking is the act of taking control of a user session after successfully obtaining or generating an authentication session ID. Session hijacking involves an attacker using captured, brute-forced or reverse-engineered session IDs to seize control of a legitimate user's Web application session while that session is still in progress.

Tags: Attack Method, Session Hijacking, Web Application Security, Database Security

ThreatRadar Reputation Services

ThreatRadar enables organizations to fight automated attacks and gain greater insight into Website visitors. Watch this video to learn how ThreatRadar, an add-on service for the SecureSphere Web Application Firewall, can detect and stop known attack sources. ThreatRadar equips SecureSphere to block automated attacks and phishing incidents by tracking malicious IP addresses, anonymous proxies, Tor networks, phishing URLs, and the geographic location of Web users.

Tags: ThreatRadar, Web Application Firewall, WAF, Web Application Security, Automated Attacks

Understanding & Preventing SQL Injection - Part I

This is the first of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Understanding & Preventing SQL Injection - Part II

This is the second of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Understanding & Preventing SQL Injection - Part III

This is the third of three video demonstrations on basic SQL Injection techniques. SQL injection is a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a Web application for execution by a backend database. Attackers take advantage of the fact that programmers often chain together SQL commands with user-provided parameters, and can therefore embed SQL commands inside these parameters. The result is that the attacker can execute arbitrary SQL queries and/or commands on the backend database server through the Web application.

Tags: Attack Method, SQL Injection, Web Application Security, Database Security

Understanding Script Injection

This video should be viewed as a prerequisite to the XSS video demonstration. Script Injection is a form of Web application attack where the victim Web server is tricked into running the attacker's script/code.

Tags: Attack Method, Script Injection, Web Application Security, Database Security

Universal User Tracking

Watch how Imperva's Universal User Tracking technology enables organizations to track individual end users, even when user connections are pooled. This informative and concise video shows how Imperva's innovative Web to Database User Tracking technique accurately identifies end users in multi-tier environments.

Tags: User Tracking, Web Application Firewall, WAF, Database Firewall, Web Application Security, Database Security, Technical Video, SecureSphere

User Rights Management for Databases

User Rights Management for Databases (URMD) enables security, database administrators and audit teams to review rights associated with sensitive data and identify excessive or dormant rights based on organizational context and actual usage. In this demo you will see how URM is used to find users with excessive rights and the source of these rights.

Tags: User Rights Management, Excessive Rights, Dormant Users, Audit, User Tracking, Insider Threat, Database Security

Using Cookie Poisoning to Bypass Security Mechanisms

This video demonstration illustrates cookie poisoning attacks. Cookie poisoning attacks involve the modification of the contents of a cookie (personal information stored in a Web user's computer) in order to bypass security mechanisms. Using cookie poisoning attacks, attackers can gain unauthorized information about another user and steal his identity.

Tags: Attack Method, Cookie Poisoning, Web Application Security, Database Security

Web Application Security Demo

Learn how the SecureSphere Web Application Firewall safeguards Web applications without modifying application behavior or impacting performance. This five-minute video demonstrates common application threats and describes key product capabilities including automated application learning, up-to-date security defenses, and transparent deployment.

Tags: Web Application Firewall, WAF, Web Application Security, Product Tour, SecureSphere
