main

SecurityWAF

Access to Applications Based on a « Driving License » Model

July 18, 2018 — by Thomas Gobet0

application-licensing-960x640.jpg

More and more countries are modifying their policies with a new “driving license” model.

With a classic license model, drivers can be caught frequently; they just have to pay a huge amount of money to the police each time.

Since this model has lot of limitations, it was changed to a “point-based model.” Either you begin with 0 points (and you increase it based on your “mistakes”) or your points decrease. Regardless of how the model works, you’re still allowed to drive if you have below a certain number of points on your license.

SecurityWAF

WAFs Should Do A Lot More Against Current Threats Than Covering OWASP Top 10

July 12, 2018 — by Ben Zilberman0

owasp-top-10-960x640.jpg

Looking in the rearview mirror

The application threat landscape has rapidly evolved. For years, users consumed applications over the internet using the common tool – web browsers. At every point in time, there were 2-5 web browsers to support, and the variety of application development and testing frameworks was relatively limited. For instance, almost all databases were built using the SQL language. Unfortunately, not long before hackers began to abuse applications in order to steal, delete and modify data. They could take advantage of applications in different ways, primarily by tricking the application user, injecting or remotely executing code. Shortly after, commercialized solutions named Web Application Firewalls (WAF) emerged, and the community responded by creating the Open Web Application Security Project (OWASP) to set and maintain standards and methodologies for secure applications.

DDoSSecurityWAF

Building Tier 1 IP Transit – What’s Involved and Why Do It?

July 11, 2018 — by Richard Cohen0

ip-transit-960x540.jpg

Not all internet connectivity is created equal. Many Tier 2 and Tier 3 ISPs, cloud service providers and data integrators consume IP Transit sourced from Tier 1 Wholesale ISPs (those ISP’s that build and operate their own fabric from L1 services up). In doing so, their ability to offer their customers internet services customised to particular requirements is limited by the choices they have available to them – and many aspects of the services they consume may not be optimal.

DDoSSDNSecurityWAF

Orchestrating Flows for Cyber

January 24, 2018 — by Edward G. Amaroso0

sdn-960x463.jpg

There is a great scene in the movie Victor, Victoria, where the character played by James Garner decides it’s time to mix things up a bit. So, he strolls into an old gritty bar wearing a tuxedo, walks up to the bartender, and orders milk. Within minutes, the other men in the bar decide they’ve had enough of this, and they start an intense bar fight. Garner is soon throwing and taking punches, getting tossed across the floor, and loving every minute of it.

Application DeliveryWAF

Marrying the Business Need With Technology, Part 3: Re-aggregating the Tools

January 18, 2018 — by Daniel Lakier0

reaggregating-tools-960x421.jpg

In part one of this blog series we discussed how there is oftentimes a lack of knowledge when it comes to infrastructure technology and knowhow in the relevant DevOps teams. This is not what was intended when “Agile” moved from being a pure development approach to a whole technology management methodology, but it is where we find ourselves. One of the consequences we face because of this is that the traditional user of many technologies, the developers/application owners, know what functionality they should have but not where to get it.

Application DeliveryWAF

Application Delivery and Application Security Should be Combined

January 17, 2018 — by Frank Yue0

waf-adc-960x579.jpg

Most businesses have multi-function printers that can fax, scan, and copy.  In our roles, we are multi-functional as well.  A network architect is often the operational troubleshooter because of his/her knowledge and expertise.  The financial expert can take on the role of the supply logistics because of their understanding of the parts and processes involved in the day to day business.

SecurityWAF

Taking Stock of Application-Layer Security Threats

January 11, 2018 — by Radware0

waf-finance-960x720.jpg

The financial services industry is, by its very nature, inherently risk adverse. The sheer volume of transactional data moving through networks can be staggering and protecting that data from cyberthreats is strategically and fiscally critical. To understand how financial service executives keep their most prized applications secure, Radware surveyed over 600 chief information security officers (CISOs) and other security leaders across financial services, retail and healthcare industries. This article provides an overview of key findings from Radware’s web application security report: Web Application Security in a Digitally Connected World.

SecurityWAF

Retail & Web Application Security: What Application-Layer Security Threats Are in Store for Retailers

January 10, 2018 — by Radware0

waf-retail-960x720.jpg

The retail industry is undergoing a transformative period as the “empowered” consumer, driven by technological advances and breakthroughs, impacts how retailers market, communicate and sell. Retailers continue to erode the barrier to purchase via a myriad of new technologies, such as mobile apps, social media transactions and AI that converse with consumers. They leverage AI to analyze buyer behavior and optimize buyer preferences. Even “traditional” retailers have invested in technologies that track both offline and in-store behaviors to further reduce the barrier to sale regardless of location.