Web Attack Survival Guide
The Web Attack Survival Guide is your secret weapon for surviving attacks from hacktivists and cybercriminals. This guide provides step-by-step instructions to help you prepare for and stop web attacks, from hardening your applications, to blocking advanced attacks like SQL injection and DDoS, to performing a post-mortem after the attack is over. Armed with this guide, you can confidently face impending web attacks with a well-thought out strategy.
How to Select the Right Web Application Firewall: 10 Key Requirements to Consider
A web application firewall is not a one-size-fits-all option. This guide provides IT security staff with an overview of the threats to web applications and items to consider when selecting a web application firewall. It also details minimum feature and functionality requirements, and provides an at-a-glance checklist for evaluating web application firewalls.
2017 Cyberthreat Defense Report
CyberEdge Group's fourth annual Cyberthreat Defense Report provides a penetrating look at how IT security professionals perceive cyberthreats and plan to defend against them. Based on a survey of 1,100 IT security decision makers and practitioners conducted in November 2016, the report delivers countless insights IT security teams can use to better understand how their perceptions, priorities, and security postures stack up against those of their peers.
eBook: Cyber Security is the Board’s Business
Board members have a fiduciary responsibility to establish and govern business policies and practices that drive a company’s financial performance and growth. But do they have a comprehensive view of the company’s defense posture to assure they are a conscientious steward of the business?
In this eBook, Board members will discover why they need to be concerned about cyber security and how to get more involved.
2015-16 DDoS Threat Landscape Report
The Imperva DDoS Threat Landscape Report contains the latest attack trends, using the data collected in the course of mitigating thousands of network and application DDoS attacks on Imperva Incapsula customers worldwide.
2016 Magic Quadrant for Web Application Firewalls
Gartner, Inc. has released the 2016 Magic Quadrant for Web Application Firewalls. Imperva has been positioned as the ONLY Leader on this Magic Quadrant for the third consecutive year. Read this report for Gartner’s analysis of the Web Application Firewalls market.
Cyber Security Board Oversight: Taking Ownership of Cyber Security Risks
Enterprise-level cyber security solutions require more than just technology and employee training; they require the top-down involvement of everyone within the organization, including the Board of Directors. Getting buy-in from a Board of Directors is not always easy, however.
In this eBook, CEOs and CIOs will discover new ways to educate their Board of Directors and get them onboard with their cyber security.
Mitigating OWASP Automated Threats – Learn How Imperva SecureSphere WAF and ThreatRadar combine to stop automated threats in their tracks
Automated web-based attacks that abuse standard functionality in web-based applications are on the rise. The Open Web Application Security Project (OWASP) recently published its Automated Threat Handbook for web applications, to bring greater attention and clarity to detect this attack trend.
Using the threat classification scheme from the OWASP handbook as a framework, this white paper demonstrates how Imperva SecureSphere Web Application Firewall and Imperva ThreatRadar threat intelligence services together provide organizations an effective and proactive way to protect web applications against automated threats, both now and in the future.
Combat today’s threats with a single platform for app and data security
Read Combat Today’s Threats with a Single Platform for App and Data Security and learn how to protect web applications and sensitive data across the enterprise and in the cloud. Employing a practical approach, this paper guides you through four simple steps to discover, assess, protect and monitor access to sensitive data.
Stop Bad Bots – What Security Professionals Need to Know about Defeating Zombies
Organized cybercrime is thriving as hackers continue to invent new ways to attack your critical web assets. Armies of zombie devices—or botnets—are responsible for $9 billion in losses to U.S. victims and over $110 billion in losses globally. Source: Imperva Incapsula, FBI testimony before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism
This eBook examines ways you can improve your web application security strategy by defending against bad bots, proactively detect and classify malicious and unknown bots, mitigate them and prevent web account takeover.
Five Ways Imperva Surpasses the Competition for Web Application Security
Web application firewalls have become an essential component of the modern organization's security infrastructure, providing scalable high-fidelity protection of business-critical web applications from a broad spectrum of cyber threats. As with any must-have enterprise security solution, there is considerable variation in available offerings. This white paper examines five ways that the industry leading Imperva SecureSphere Web Application Firewall surpasses the competition, to help IT security and application defense teams navigate the evaluation process.
Top 5 Solution Requirements for Account Takeover Protection
Account takeover attacks are a significant problem for Internet facing Web applications that have become the backbone of the modern business. According to the 2015 Verizon Data Breach Investigations Report, over 50% of the Web application attacks came from the use of stolen credentials. Left unchecked, the costs can be enormous, and ranging from loss of confidential data, customer trust, and brand reputation to significant operational disruptions and financial damages.
This paper provides five essential requirements that IT security teams can use to evaluate candidate solutions for account takeover protection. It also explains how Imperva SecureSphere Web Application Firewall with ThreatRadar Account Takeover Protection addresses each requirement.
Interview with Executive Allan Tessler: Corporate Directors Must Be Involved in Cyber Security
A corporate board needs to be responsible for ensuring that an organization’s intellectual assets as well as customer information are protected. Customer data is one of the primary sets of information that needs to be safeguarded from hacking and invasion because of the potential mal-use of that information. Read this short Q&A to learn why it’s important for corporate directors to understand cyber security risks.
Mitigating the OWASP Top 10 2013 with Imperva SecureSphere
The Open Web Application Security Project (OWASP) Top Ten is widely recognized as one of the leading standards for identifying critical web application security risks. This paper analyzes the latest 2013 release of the OWASP Top Ten most critical web application security risks and outlines how SecureSphere Web Application Firewall (WAF) addresses and mitigates each OWASP Top Ten threat.
What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications
Web application attacks threaten nearly every organization with an online presence. While some security vendors contend that their next generation firewalls can stop Web attacks, these products lack essential Web security features, leaving customers exposed to attack. This paper lays out the six key requirements needed to protect Web applications and it shows how Web application firewalls alone can effectively satisfy these requirements.
[eBook] 10 Things Every Web Application Firewall Should Provide
Securing Web applications against cybercriminals, hacktivists, and state-sponsored hackers is a never-ending effort. Why? Because hackers evade traditional network security defenses to take down Websites and to steal data; malicious users probe websites around-the-clock looking for vulnerabilities; and, automation tools such as off-the-shelf attack toolkits and botnets make it easy to execute large-scale attacks. Web application firewalls have become the central platform for protecting applications against all online threats. This eBook explains in detail the 10 features that every Web application firewall should provide.
The Future of Web Security: 10 Things Every Web Application Firewall Should Provide
Web application firewalls have become the central platform for protecting applications against all online threats including technical Web attacks, business logic attacks, and online fraud. Web application firewalls understand Web usage and validate input to stop dangerous attacks like SQL injection, XSS, and directory traversal. They block scanners and virtually patch vulnerabilities. And they rapidly evolve to prevent new attacks and to keep critical applications safe. Because Web application firewalls are strategic, every organization must carefully evaluate the products' security, management, and deployment capabilities. This paper explains in detail the 10 features that every Web application firewall should provide.
[eBook] How to Protect Your Website From Hackers
Hackers continuously attack Websites in order to steal sensitive data and disrupt access. To address the threat from hackers, the PCI Data Security Standard mandates that merchants fortify their Web applications against attack. This eBook describes today's Web security risks and introduces new cloud-based solutions that protect Websites from hackers and meet PCI compliance requirements.
Cutting the Cost of Application Security
Web application attacks can result in devastating data breaches and application downtime, costing companies millions of dollars in fines, brand damage, and customer turnover. This paper illustrates how the SecureSphere Web Application Firewall provides a Return on Security Investment of 2090% by preventing data breaches and Website downtime. SecureSphere also offers a compelling return compared to manual vulnerability remediation by eliminating costly emergency fix and test measures.
Detecting and Blocking Site Scraping Attacks
Site scraping attacks range from harmless data collection for personal research to calculated, repeated data harvesting used to undercut competitor's prices or to illicitly publish valuable information. Site scraping, also called screen scraping or Web scraping, can undermine victims' revenues and profits by siphoning off customers and reducing competitiveness. This paper investigates various types of scraping attacks, site scraping tools, and effective techniques to detect and stop future attacks.
Botnets at the Gate
Stopping Botnets and Distributed Denial of Service Attacks
Botnets have infiltrated millions of users' computers and wrecked incalculable damage. This white paper lifts the veil on botnets and on the cyber-criminals behind them. It analyzes the history, growth, and economics behind botnets. It then investigates one of the most common attacks executed by botnets: the Distributed Denial of Service (DDoS) attack.
Security for PCI Compliance
Addressing Security and Auditing Requirements for Web Applications, Databases, and File Servers
For many organizations, Web, database, and file security present the most challenging barriers to achieving PCI DSS compliance. Often, businesses must provision new technologies or roll out new processes to satisfy Web application security, data audit, and user rights management requirements in the PCI standard.
This paper focuses on the key PCI DSS requirements that impact application and data security. Designed for auditors and security professionals, it describes how Imperva SecureSphere solutions can help organizations address the most costly and complex PCI mandates.
Anatomy of an XSS Campaign
The Imperva Defense Center observed the full anatomy of a cross-site scripting (XSS) campaign, showing why it's so easy to conduct a muscular phishing campaign in just under an hour.
Protected! Mitigating Web Application and Database Vulnerabilities with Virtual Patching
It's not always possible - or practical - to patch vulnerabilities in your Web applications or databases as soon as you discover them. You can use a technique known as ""virtual patching"" to rapidly address vulnerabilities and ensure you are protected until a long-term fix can be put in place. This brief whitepaper discusses the business benefits of virtual patching, including improved security and increased operational efficiency.