Imperva Blog|Login|中文Deutsch日本語

White Papers

Selected Tag: Web Application Attacks | Show All

Download White Paper

Web Attack Survival Guide


The Web Attack Survival Guide is your secret weapon for surviving attacks from hacktivists and cybercriminals. This guide provides step-by-step instructions to help you prepare for and stop web attacks, from hardening your applications, to blocking advanced attacks like SQL injection and DDoS, to performing a post-mortem after the attack is over. Armed with this guide, you can confidently face impending web attacks with a well-thought out strategy.

Tags: Web Security, Web Application Security, Web Application Attacks, Hacktivists, Cybercriminals, SQL Injection, DDoS, Guide


Download White Paper

Mitigating the OWASP Top 10 2013 with Imperva SecureSphere


The Open Web Application Security Project (OWASP) Top Ten is widely recognized as one of the leading standards for identifying critical web application security risks. This paper analyzes the latest 2013 release of the OWASP Top Ten most critical web application security risks and outlines how SecureSphere Web Application Firewall (WAF) addresses and mitigates each OWASP Top Ten threat.

Tags: Web Application Security, Threats, Web Application Attacks, OWASP


Download White Paper

What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications


Web application attacks threaten nearly every organization with an online presence. While some security vendors contend that their next generation firewalls can stop Web attacks, these products lack essential Web security features, leaving customers exposed to attack. This paper lays out the six key requirements needed to protect Web applications and it shows how Web application firewalls alone can effectively satisfy these requirements.

Tags: Web Security, Web Application Security, Web Application Attacks, Firewalls


Download White Paper

Four Steps to Defeating a DDoS Attack


Hackers, criminals, and political "hactivists" have increasingly turned to Distributed Denial of Service (DDoS) attacks to disrupt access to or even take down legitimate Websites. This white paper describes DDoS attack methods such as powerful DDoS attacks originating from servers and new, advanced application DDoS attacks. It then lays out four simple steps that organizations can undertake to mitigate DDoS attacks.

Tags: Web Security, Web Application Security, Threats, Web Application Attacks, DDoS, Distributed Denial of Service, DDoS Protection, Cyber-Crime


Download White Paper

Detecting and Blocking Site Scraping Attacks


Site scraping attacks range from harmless data collection for personal research to calculated, repeated data harvesting used to undercut competitor's prices or to illicitly publish valuable information. Site scraping, also called screen scraping or Web scraping, can undermine victims' revenues and profits by siphoning off customers and reducing competitiveness. This paper investigates various types of scraping attacks, site scraping tools, and effective techniques to detect and stop future attacks.

Tags: Web Application Security, Threats, Web Application Attacks, Web Site Scraping, Scraping Attacks


Download White Paper

Anatomy of an XSS Campaign


The Imperva Application Defense Center (ADC) observed the full anatomy of a cross-site scripting (XSS) campaign, showing why it's so easy to conduct a muscular phishing campaign in just under an hour.

Tags: Web Application Security, Threats, Web Application Attacks, Cross-Site Scripting, XSS


Download White Paper

Blindfolded SQL Injection


Until today, exploiting SQL server injection attacks depended on having the Web Server return detailed error messages or having any other source of information. As a result, many security administrators suppressed these error messages, assuming this would protect them from SQL server injection exploitation. This white paper shows, however, that suppressing the error messages does not provide real protection. Imperva ADC research reveals a set of techniques that can be easily used to bypass error suppression, making it clear that more substantial measures must be taken against SQL server injection attacks.

Tags: ADC, SQL Injection, Blindfolded SQL Injection, Web Application Attacks, Web Application Security


Download White Paper

Blame it on the Media(Bot) -- Using Google Advertising Mechanism for Web Application Attacks


The research summarized in this paper is aimed at demonstrating how search engines can be manipulated to serve as attack tools. We were able to show that the AdWords and AdSense services from Google can indeed be used to launch attacks against unsuspecting web applications. Attacks types we were able to demonstrate include buffer overflows, SQL injections and CSRFs.

Tags: ADC, Google Hacking, Web Application Attacks, Buffer Overflow, SQL Injection, CSRF, Web Application Security

Selected Tag: Web Application Attacks | Show All


Term of the Month