One in two sites on AppTrana WAAP have faced a DDoS attack in the last 90 days. Most of those attacks were thwarted using a combination of machine learning on user behaviour and granular rate limits at URI, IP, and Geo levels. For SOC teams who don’t have an advanced behavioural DDoS mitigation tool like AppTrana at their disposal, this blog covers basic mitigation measures that can thwart the most simple and medium-severity DDoS attacks.

Fastly WAF is a hybrid SaaS solution powered by Signal Sciences. With innovative features like context-based detection through SmartParse, it significantly reduces false positives. Fastly states on its website that over 90% of its WAAP deployments are configured in a blocking mode, a unique achievement matched only by AppTrana and Imperva within the WAAP market.

An API Gateway is a mediator between the client and the collection of backend services. It accepts all API calls and routes them to one or more appropriate backend services. It doesn’t stop there; it aggregates appropriate data/ resources and delivers it to the user in a unified manner. Placed in front of the API/ group of microservices, the API gateway is the single-entry point for all API calls made to and executed by the app.

Over 75% of all cybercrimes primarily target web applications and their vulnerabilities. Attackers focus on exploiting weaknesses such as design flaws, vulnerabilities in APIs, open-source code, third-party widget issues, and access control problems. A recent study predicts that all this cybercrime will cost a massive $5.2 trillion by 2024 across all industries. How do you protect your web application from all the risks out there? Here is a go-to web app security checklist to get started.

A 60-minute DDoS attack could be launched with just $5 as per pricing on the Dark Web, and this was reduced from $15 in 2021. Unlike advanced attacks such as bot or zero-day attacks, these could be launched by hiring bandwidth on any of the ‘DDoS as a service’ websites. No wonder even Gartner calls out DDoS as one of the biggest threat vectors for security teams worldwide.

StackPath announced the discontinuation of its WAF and CDN product lines, redirecting its focus towards a cloud computing platform at the internet’s edge. As a result, the WAF service will cease operations on November 22, 2023.

The proverb, “A stitch in time saves nine,” encapsulates the core of web application security. Businesses must always be one step ahead of attackers and malicious actors to identify vulnerabilities, weaknesses, and misconfigurations in web applications and ensure they are patched and/or fixed before attackers can find and leverage them to orchestrate attacks.

What makes a good website penetration testing tool? Speed, agility, efficiency, or cost benefits? How about all of them? Hackers use automated tools to scan websites and apps before manually trying to exploit security loopholes. As the first step towards securing assets, you should do the same – only with better resources and before them.

Penetration testing is a pre-defined set of procedures used to identify any unknown weakness in the IT infrastructure of a business. It involves attempts to exploit vulnerabilities, which may exist in services and application flaws, operating systems, risky end-user behaviour, or improper configurations, to validate the efficacy of protection mechanisms and end-user observation of security policies.

F5 Cloud WAF combines signature and behaviour-based threat detection mechanisms to protect applications, regardless of the deployment location. It protects against injection attacks, session hijacking, cross-site scripting, man-in-the-middle attacks, and numerous other vulnerabilities, with continuously updated policies to shield against emerging threats.