
White Papers

Selected Tag: Web Application Security | Show All


Protecting Against Vulnerabilities in SharePoint Add-ons

Microsoft SharePoint is a widely adopted data-sharing and collaboration platform that is often extended using third-party software. When the data in SharePoint is sensitive and regulated, the security of the platform - as well as the software extensions - must be a top concern for organizations. This paper will discuss the threats introduced when using third-party SharePoint plug-ins and Web Parts, evaluate the effectiveness of traditional security solutions with respect to these threats, and provide recommendations for hardening SharePoint systems.

Tags: SharePoint Security, Web Application Security, SharePoint Vulnerabilities, SQL Injection, CMS, Content Management Systems


Web Attack Survival Guide

The Web Attack Survival Guide is your secret weapon for surviving attacks from hacktivists and cybercriminals. This guide provides step-by-step instructions to help you prepare for and stop web attacks, from hardening your applications, to blocking advanced attacks like SQL injection and DDoS, to performing a post-mortem after the attack is over. Armed with this guide, you can confidently face impending web attacks with a well-thought-out strategy.

Tags: Web Security, Web Application Security, Web Application Attacks, Hacktivists, Cybercriminals, SQL Injection, DDoS, Guide


Mitigating the OWASP Top 10 2013 with Imperva SecureSphere

The Open Web Application Security Project (OWASP) Top Ten is widely recognized as one of the leading standards for identifying critical web application security risks. This paper analyzes the latest 2013 release of the OWASP Top Ten most critical web application security risks and outlines how SecureSphere Web Application Firewall (WAF) addresses and mitigates each OWASP Top Ten threat.

Tags: Web Application Security, Threats, Web Application Attacks, OWASP


What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications

Web application attacks threaten nearly every organization with an online presence. While some security vendors contend that their next generation firewalls can stop Web attacks, these products lack essential Web security features, leaving customers exposed to attack. This paper lays out the six key requirements needed to protect Web applications and it shows how Web application firewalls alone can effectively satisfy these requirements.

Tags: Web Security, Web Application Security, Web Application Attacks, Firewalls


The Future of Web Security: 10 Things Every Web Application Firewall Should Provide

Web application firewalls have become the central platform for protecting applications against all online threats including technical Web attacks, business logic attacks, and online fraud. Web application firewalls understand Web usage and validate input to stop dangerous attacks like SQL injection, XSS, and directory traversal. They block scanners and virtually patch vulnerabilities. And they rapidly evolve to prevent new attacks and to keep critical applications safe. Because Web application firewalls are strategic, every organization must carefully evaluate the products' security, management, and deployment capabilities. This paper explains in detail the 10 features that every Web application firewall should provide.

Languages: English | Español

Tags: Web Application Firewall, Industrialized Hacking, Automated Attacks, Business Logic Attacks, ThreatRadar, Web Application Security


Cutting the Cost of Application Security

Web application attacks can result in devastating data breaches and application downtime, costing companies millions of dollars in fines, brand damage, and customer turnover. This paper illustrates how the SecureSphere Web Application Firewall provides a Return on Security Investment of 2090% by preventing data breaches and Website downtime. SecureSphere also offers a compelling return compared to manual vulnerability remediation by eliminating costly emergency fix and test measures.

Tags: Application Vulnerabilities, Web Application Security, ROI


Four Steps to Defeating a DDoS Attack

Hackers, criminals, and political "hacktivists" have increasingly turned to Distributed Denial of Service (DDoS) attacks to disrupt access to or even take down legitimate Websites. This white paper describes DDoS attack methods such as powerful DDoS attacks originating from servers and new, advanced application DDoS attacks. It then lays out four simple steps that organizations can undertake to mitigate DDoS attacks.

Tags: Web Security, Web Application Security, Threats, Web Application Attacks, DDoS, Distributed Denial of Service, DDoS Protection, Cyber-Crime


Detecting and Blocking Site Scraping Attacks

Site scraping attacks range from harmless data collection for personal research to calculated, repeated data harvesting used to undercut competitors' prices or to illicitly publish valuable information. Site scraping, also called screen scraping or Web scraping, can undermine victims' revenues and profits by siphoning off customers and reducing competitiveness. This paper investigates various types of scraping attacks, site scraping tools, and effective techniques to detect and stop future attacks.

Tags: Web Application Security, Threats, Web Application Attacks, Web Site Scraping, Scraping Attacks


Botnets at the Gate

Stopping Botnets and Distributed Denial of Service Attacks

Botnets have infiltrated millions of users' computers and wreaked incalculable damage. This white paper lifts the veil on botnets and on the cyber-criminals behind them. It analyzes the history, growth, and economics behind botnets. It then investigates one of the most common attacks executed by botnets: the Distributed Denial of Service (DDoS) attack.

Tags: Web Security, Web Application Security, Cyber-Crime, Denial of Service Attacks, DOS, DDoS


Security Trends for 2011

Imperva's Application Defense Center (ADC), led by Imperva CTO Amichai Shulman, is exclusively focused on advancing the practice of data security to help companies shield themselves from the threat of hackers and insiders. In 2010, the ADC successfully predicted many of the key issues that would plague security teams in 2010 and beyond. For 2011, the ADC has assembled its most comprehensive set of predictions.

Tags: Business Case, Database Security, File Security, Web Application Security, ROSI, Trends


The Business Case for Data Security (Database, File, and Web Security)

The growing costs of security breaches and manual compliance efforts have given rise to new data security solutions specifically designed to prevent data breaches and deliver automated compliance. This paper examines the drivers for adopting a strategic approach to data security, compares and contrasts current approaches, and presents the Return on Security Investment (ROSI) of viable data security solutions.

Tags: Business Case, Database Security, File Security, Web Application Security, ROSI


Security for PCI Compliance

Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers

For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.

This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.

Tags: Web Application Security, Database Security, Audit, PCI, Compliance


Anatomy of an XSS Campaign

The Imperva Application Defense Center (ADC) observed the full anatomy of a cross-site scripting (XSS) campaign, showing why it's so easy to conduct a muscular phishing campaign in just under an hour.

Tags: Web Application Security, Threats, Web Application Attacks, Cross-Site Scripting, XSS


Protected! Mitigating Web Application and Database Vulnerabilities with Virtual Patching

It's not always possible - or practical - to patch vulnerabilities in your Web applications or databases as soon as you discover them. You can use a technique known as "virtual patching" to rapidly address vulnerabilities and ensure you are protected until a long-term fix can be put in place. This brief whitepaper discusses the business benefits of virtual patching, including improved security and increased operational efficiency.

Tags: Virtual Patching, Database Security, Web Application Security, Vulnerability Assessment, Threats, Data Risk Analysis


Blindfolded SQL Injection

Until today, exploiting SQL server injection attacks depended on having the Web Server return detailed error messages or having any other source of information. As a result, many security administrators suppressed these error messages, assuming this would protect them from SQL server injection exploitation. This white paper shows, however, that suppressing the error messages does not provide real protection. Imperva ADC research reveals a set of techniques that can be easily used to bypass error suppression, making it clear that more substantial measures must be taken against SQL server injection attacks.

Tags: ADC, SQL Injection, Blindfolded SQL Injection, Web Application Attacks, Web Application Security


Blame it on the Media(Bot) -- Using Google Advertising Mechanism for Web Application Attacks

The research summarized in this paper is aimed at demonstrating how search engines can be manipulated to serve as attack tools. We were able to show that the AdWords and AdSense services from Google can indeed be used to launch attacks against unsuspecting web applications. Attack types we were able to demonstrate include buffer overflows, SQL injections and CSRFs.

Tags: ADC, Google Hacking, Web Application Attacks, Buffer Overflow, SQL Injection, CSRF, Web Application Security


Understanding Web 2.0: Technologies, Risks and Best Practices

Feature rich and interactive Web 2.0 portals can lure customers and increase sales, but without effective security, they can be a hacker's paradise, exposing your business and customers to data theft. This technical brief details the security challenges inherent in Web 2.0 frameworks, including Ajax, collaboration, RSS feeds, and mashups. It also describes best practice techniques and tools to secure your Web 2.0 infrastructure without impacting existing development resources or your site's performance.

Tags: Web 2.0 Risks, Web 2.0 Security Best Practices, Web Application Security, Best Practices


SQL Injection 2.0

SQL Injection continues to be one of the most predominant Web application threats. Considering the widespread availability of valuable data on the Web, the popularity of ecommerce and dependency on the Web for all kinds of information, attackers are motivated to implement faster, more advanced SQL injection methods to launch high profile, widespread attacks on targeted Web sites. This paper provides an overview of SQL Injection 2.0, including specific attack techniques such as automated SQL injection via search engines, SQL Injection for Web site defacement, malware distribution and Denial of Service (DoS) attacks, and direct database SQL Injection.

Tags: SQL Injection 2.0, Web Application Security


SecureSphere Web Application Security

This paper provides an analysis of the Web and Web services threat environment, followed by a description of how Imperva's SecureSphere Web Application Firewall provides a comprehensive and completely automated platform for securing these important IT assets.

Tags: Web Application Security, Threats, Web Application Firewall, SecureSphere


The Top 5 On-Line Identity Theft Attacks

When digital thieves impersonate authorized users, everyone loses. On-line identity theft by insiders and outsiders can cost millions in fraud, fines, lawsuits, and customer attrition. Unfortunately, even sophisticated solutions, such as two-factor authorization, can be fooled by digital identity theft attacks. The good news is there are 5 commonly used methods for on-line identity theft. Defend against these, and you will have greatly increased the security of your on-line web application.

Tags: Identity Theft, Web Application Security, Database Security
