Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Hospitals, clinics, pharma companies and digital‑health start‑ups are now on the front line of application‑layer threats. Without purpose‑built Web Application and API Protection, vital services and patient safety are placed at risk. Some concerning stats.

Banking & Financial Services (BFS) firms are shouldering a uniquely heavy share of the global threat load. The newly released Indusface State of Application Security 2025 study paints a stark picture: Why the laser focuses on finance? Strict regulations mean banks generally run strong perimeters, so adversaries pivot to bots, API abuse, and nuanced business-logic exploits that slip past ‘default’ defences.

Web Application Firewalls (WAFs) have emerged as indispensable tools not only for blocking cyber threats but also for supporting compliance across various industries and jurisdictions. Whether you’re dealing with sensitive payment information, personal health records, or consumer data, a WAF can significantly simplify your compliance journey.

APIs are now the top attack vector, facing 68% more threats per host and 16 times more DDoS traffic than traditional web apps. These findings come from the State of Application Security 2024 report, based on analysis of over 2 billion API attacks blocked by AppTrana WAAP. As APIs become critical to digital transformation, understanding how to secure them—beyond just authentication—is no longer optional.

APIs are now the most attacked layer in the application stack— APIs are being hit 68% more often per host than traditional web apps with APIs facing 1600% more DDoS traffic than web apps. This was found in the state of application security 2024 report where we analyzed 2 billion API attacks blocked on AppTrana WAAP. This isn’t surprising. APIs are inherently automation-friendly, often underprotected, and expose direct access to data and logic.

Web Application Firewalls (WAFs) play an important role in protecting websites and applications from common threats. But despite their growing adoption, WAFs are often surrounded by myths and misunderstandings that can lead to ineffective implementation or underutilization. In this blog, we debunk the most common myths about WAFs and reveal the truth behind what they can and cannot do.

The insurance sector is in the middle of a cybersecurity storm. In 2024, Indusface analyzed over 495 million attacks targeting insurance websites and APIs. The findings were alarming: attackers are no longer spraying and praying; they’re precise, persistent, and increasingly automated. Here’s what the data showed: Insurance companies, which handle high volumes of personal and financial data, cannot afford security gaps.

A Web Application Firewall (WAF) is your first line of defense against internet traffic that can be both legitimate and malicious. It helps protect your web applications, websites, and servers from various cyber-attacks by filtering out harmful traffic. WAF (WAAP) is essential for web security as it quickly identifies and addresses vulnerabilities in applications and servers.

On March 19, 2025, the CISA issued a warning about the active exploitation of CVE-2017-12637, a directory traversal vulnerability in SAP NetWeaver AS Java. This vulnerability, originally patched in 2017, has resurfaced due to incomplete mitigations, leading to increased risks for organizations using outdated or misconfigured SAP environments.

On March 17th, 2025, security researchers confirmed active exploitation of Apache Tomcat’s recently disclosed vulnerability, CVE-2025-24813. Publicly disclosed on March 10th, the earliest signs of exploitation were observed on March 12th, with attackers leveraging the flaw just 30 hours after disclosure. This vulnerability enables Remote Code Execution (RCE) and information disclosure by exploiting Tomcat’s request-handling mechanism.