Imperva Blog|Login|中文Deutsch日本語

White Papers

Selected Tag: Threats | Show All

Download White Paper

Mitigating the OWASP Top 10 2013 with Imperva SecureSphere

The Open Web Application Security Project (OWASP) Top Ten is widely recognized as one of the leading standards for identifying critical web application security risks. This paper analyzes the latest 2013 release of the OWASP Top Ten most critical web application security risks and outlines how SecureSphere Web Application Firewall (WAF) addresses and mitigates each OWASP Top Ten threat.

Tags: Web Application Security, Threats, Web Application Attacks, OWASP

Download White Paper

Top Ten Database Threats

Databases contain the crown jewels of an organization, which means a break-in, by insiders or outsiders, can cost millions from lawsuits fines and customer attrition. The good news is that there are only a small number of commonly used methods to attack databases. Defend against these, and you will have a highly secure database.

Tags: Database Security, Database Hacks, Common Databases Attacks, Threats, Top Databases Attacks, Defend Against Databases Attacks, Stopping Databases Attacks

Download White Paper

Five Steps for Protecting Australian Government Information

According to the Information Security Manual (ISM), the primary cyber threat to Australia is cyber exploitation: malicious activities designed to silently gather information from ICT systems. The disclosure of sensitive commercial or government information can threaten national interests. The disclosure of sensitive personal information can enable malicious activities against individuals. The security of sensitive government and commercial information is critical for ensuring that Australia continues to be a safe place to do business online. This paper outlines Five Steps to protect critical information.

Tags: Information Security Manual, ISM, Australia, Threats, Government

Download White Paper

Six Techniques for Mitigating Insider Threats

How do you protect business data from trusted individuals who choose to abuse their privileges for personal or financial gain? And, what about users whose computers or personal devices have been compromised by malware, giving hackers access to your sensitive business data? Start by asking yourself the six questions in this whitepaper to help your organization determine if you've got insider threats under control.

Tags: Data Security, Insider Threats, SOX, PCI, Database Activity Monitoring

Download White Paper

Advanced Persistent Threat - Are You the Next Target?

Security researchers have been talking about advanced persistent threat (APT) for some time. Recently, we have seen a steep increase in the number of organizations hit by this type of attack. Initially, researchers thought APTs were mostly aimed at government agencies or political targets, but the latest attacks on enterprises suggest that APTs are not confined to a specific type of organization or sector.

Tags: Data Security, Insider Threats, Advanced Persistent Threat, APT, User Rights Management, Risk Management

Download White Paper

Four Steps to Defeating a DDoS Attack

Hackers, criminals, and political "hactivists" have increasingly turned to Distributed Denial of Service (DDoS) attacks to disrupt access to or even take down legitimate Websites. This white paper describes DDoS attack methods such as powerful DDoS attacks originating from servers and new, advanced application DDoS attacks. It then lays out four simple steps that organizations can undertake to mitigate DDoS attacks.

Tags: Web Security, Web Application Security, Threats, Web Application Attacks, DDoS, Distributed Denial of Service, DDoS Protection, Cyber-Crime

Download White Paper

Detecting and Blocking Site Scraping Attacks

Site scraping attacks range from harmless data collection for personal research to calculated, repeated data harvesting used to undercut competitor's prices or to illicitly publish valuable information. Site scraping, also called screen scraping or Web scraping, can undermine victims' revenues and profits by siphoning off customers and reducing competitiveness. This paper investigates various types of scraping attacks, site scraping tools, and effective techniques to detect and stop future attacks.

Tags: Web Application Security, Threats, Web Application Attacks, Web Site Scraping, Scraping Attacks

Download White Paper

Five Signs Your File Data is at Risk

Persistent insider threats and regulatory compliance mandates make protecting sensitive file data a business requirement for virtually every organization. However, the sheer volume of file data and its rapid and continuous growth make it a challenge to secure properly. This whitepaper reviews the five questions to help you assess your file security posture. If you aren't able to answer these five questions confidently, your file data is probably at risk.

Tags: File Security, Compliance, Threats, Insider Threat, Unstructured Data, Data, File Activity Monitoring

Download White Paper

Anatomy of an XSS Campaign

The Imperva Application Defense Center (ADC) observed the full anatomy of a cross-site scripting (XSS) campaign, showing why it's so easy to conduct a muscular phishing campaign in just under an hour.

Tags: Web Application Security, Threats, Web Application Attacks, Cross-Site Scripting, XSS

Download White Paper

Protected! Mitigating Web Application and Database Vulnerabilities with Virtual Patching

It's not always possible - or practical - to patch vulnerabilities in your Web applications or databases as soon as you discover them. You can use a technique known as "virtual patching" to rapidly address vulnerabilities and ensure you are protected until a long-term fix can be put in place. This brief whitepaper discusses the business benefits of virtual patching, including improved security and increased operational efficiency.

Tags: Virtual Patching, Database Security, Web Application Security, Vulnerability Assessment, Threats, Data Risk Analysis

Download White Paper

Data Security Study: Consumer Password Worst Practices

In December 2009, a major vulnerability was discovered in By examining a hacker's blog, a major vulnerability was discovered that led to the breach of 32 million passwords and the hacker posted to the Internet the full list of the 32 million passwords (with no other identifiable information). The data provides a unique glimpse into the way that users select passwords and an opportunity to evaluate the true strength of these as a security mechanism. Further, never before has there been such a high volume of real-world passwords to examine. The Imperva Application Defense Center (ADC) analyzed the strength of the passwords.

Tags: Database Security, Data Security, Threats

Download White Paper

Top 10 Guide for Protecting Sensitive Data from Malicious Insiders

For years, organizations have worked diligently to lock down their perimeters only to find out that the most devastating enemy is already inside.

Insider threats, both careless and malicious, abound. This fact is amplified during difficult economic times. With a plethora of digitized information, and vehicles for turning credit card data, personally identifiable information and intellectual property into cash, goods, and other services, risks have increased. It's no wonder that we're hearing about a growing number of attacks where the target is sensitive data, and the perpetrators are those with evaluated levels of trust and access: insiders. This guide will explore the top ten ways to protect sensitive data from the very people that need access to it. While this is a difficult problem to address, it is not impossible -- especially when leveraging the right tools.

Tags: Insider Threat, Threats, Sensitive Data Protection, Database Security, Data Security

Download White Paper

The Anatomy of an Insider: Bad Guys Don't Always Wear Black

Sensitive data protection is essential to any effective security or compliance strategy. Purpose-built data security solutions can prevent, detect, and continually audit how users, including privileged users interact with sensitive data. Visibility into ordinary users and privileged users in terms of their interactions with mission-critical applications and databases gives organizations the ability to effectively mitigate insider threats.

Tags: Insider Threat, Privileged User Monitoring, Sensitive Data Protection, Threats

Download White Paper

SecureSphere Web Application Security

This paper provides an analysis of the Web and Web services threat environment, followed by a description of how Imperva's SecureSphere Web Application Firewall provides a comprehensive and completely automated platform for securing these important IT assets.

Tags: Web Application Security, Threats, Web Application Firewall, SecureSphere

Selected Tag: Threats | Show All

Term of the Month