Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event. Web Application Firewalls (WAFs) serve as the first line of defense for your web applications, acting as a filter between your application and incoming web traffic to protect against unauthorized or malicious activity. In this blog post, we will analyze one of the most commonly used Web Application Firewalls, the AWS WAF, and explain ways that allowed it to be bypassed.

This blog is part of a series about how to use Vanta and AWS to simplify your organization’s cloud security. To learn more about how to use Vanta and AWS, watch our Coffee and Compliance on-demand webinar. ‍ Amazon Web Services, or AWS, is one of the most popular cloud providers for organizations today — providing one of the most flexible and secure cloud environments available.

You may know Cloudflare as the company powering nearly 20% of the web. But powering and protecting websites and static content is only a fraction of what we do. In fact, well over half of the dynamic traffic on our network consists not of web pages, but of Application Programming Interface (API) traffic — the plumbing that makes technology work.

The cloud stands as a revolutionary force, redefining the way businesses operate, collaborate and innovate. Its scalability, flexibility and accessibility have transformed industries, offering a wealth of opportunities for organizations of all sizes. However, with these advancements come significant security concerns, particularly in managing access to sensitive data and critical systems.

The modern enterprise is all about the cloud. Digital transformation includes not only the adoption of cloud computing through application migration, but a transition from disk storage to cloud storage. Cloud storage has some key advantages over traditional disk storage, including the following: While there are multiple cloud storage options available today, including Amazon Web Services (AWS), Azure Storage is a logical choice for Microsoft Azure customers.

Welcome to the sixteenth edition of Cloudflare’s DDoS Threat Report. This edition covers DDoS trends and key findings for the fourth and final quarter of the year 2023, complete with a review of major trends throughout the year.

One thing we’ve consistently heard from our customers is that using legacy SOAR solutions to build AWS automations and workflows is complex and painfully slow. Why? Because legacy SOAR solutions typically use Python to do anything, and to make Python work for you, you have to be an expert in it. Python is often complex and requires writing scripts to execute most commands.

A recent news article from Bleeping Computer called out an incident involving Japanese game developer Ateam, in which a misconfiguration in Google Drive led to the potential exposure of sensitive information for nearly one million individuals over a period of six years and eight months. Such incidents highlight the critical importance of securing cloud services to prevent data breaches.

The challenge of telling humans and bots apart is almost as old as the web itself. From online ticket vendors to dating apps, to ecommerce and finance — there are many legitimate reasons why you'd want to know if it's a person or a machine knocking on the front door of your website. Unfortunately, the tools for the web have traditionally been clunky and sometimes involved a bad user experience.