LATEST POST

2 Results tagged on "waf":

Wake up call. Apache Struts is being exploited

Dislaimer: It's a tale of incident response for a vulnerability dated March 2017, that wasn't patched on the server. And, someone exploited it naively. It was in the night that I received a message - "We have been hacked". As with most of the hacks, people tend to overreact (or sometimes under) and the 1st message delivers the least amount of information. It started a chain of events, and forensics to identify...
Read more

Need for WAF in the world of Secure SDLC

You have a secure development lifecycle, and you do perform a pen-test before going live, or rolling out an application in production; then why do you need a Web Application Firewall? At the end, it is one more security product where ROI is difficult to prove. This is one of the most common question I have been asked when talking about application security. People are still conservative when it comes to buying a good...
Read more