Vadodara, India
2012
  |  By Vivek Gopalan
A web application firewall is security software that observes and filters HTTP/HTTPS traffic between a web application and the internet. While this has been available for decades, with the evolution of the threat landscape, WAFs have added capabilities to protect not only web apps but also APIs against a range of attacks, including DDoS and bot attacks. So, the category has evolved and is currently called Web Application and API Protection (WAAP).
  |  By Phani Deepak Akella
Banking & Financial Services (BFS) firms are shouldering a uniquely heavy share of the global threat load. The newly released Indusface State of Application Security 2026 study paints a stark picture: Why the laser focus on finance? Strict regulations mean banks generally run strong perimeters, so adversaries pivot to bots, API abuse, and nuanced business-logic exploits that slip past ‘default’ defenses.
  |  By Deepak Kumar Choudhary
NGINX administrators are facing back-to-back emergency patch cycles. Within days of each other, two critical heap buffer overflow vulnerabilities were disclosed in the same NGINX component, both capable of crashing worker processes and enabling remote code execution on systems without ASLR. If your organization runs NGINX in any capacity, these need immediate attention.
  |  By Deepak Kumar Choudhary
A highly critical SQL injection vulnerability in Drupal core has raised concerns across organizations running PostgreSQL-backed Drupal environments. Tracked as CVE-2026-9082, the vulnerability affects Drupal’s database abstraction layer and can be exploited remotely without authentication. The vulnerability was disclosed through Drupal security advisory SA-CORE-2026-004 on May 20, 2026. CVE-2026-9082 is now under active exploitation.
  |  By Deepak Kumar Choudhary
A high-severity vulnerability in Next.js allows attackers to bypass middleware-based authorization controls in App Router applications through specially crafted .rsc and segment-prefetch requests. Tracked as CVE-2026-44575, the vulnerability can expose protected pages and sensitive application content without triggering the intended authentication or access control checks.
  |  By Venkatesh Sundar
Your database is one apostrophe away from a breach. SQL injection has been the most common web vulnerability for three consecutive years. The 2025 Verizon DBIR reports it contributed to 12% of all data breaches, up from 9% the year before. In December 2024, a PostgreSQL SQL injection zero-day gave state-sponsored attackers a path into the US Treasury. In 2023, a single campaign used it to steal 2 million job seeker records across 65 websites in one month. The fix has been known for two decades.
  |  By Venkatesh Sundar
DDoS attacks cost businesses an average of $6,130 per minute in downtime losses. According to the Indusface State of Application Security 2026 report, 70% of all websites faced at least one DDoS attack in 2025, attacks per website grew 27% year over year, and APIs were targeted 675% more than traditional websites.
  |  By Vinugayathri Chinnasamy
Healthcare absorbed ~24 million attacks in 2025, a 115% increase year over year, according to the Indusface State of Application Security 2026 report. DDoS alone grew 39% across the sector. But disruption here is not just about lost revenue or downtime. When systems go dark, emergency rooms divert patients, doctors lose access to electronic health records, and appointments are cancelled.
  |  By Vinugayathri Chinnasamy
SaaS companies face a 20% yearly likelihood of a significant DDoS attack, according to the Indusface State of Application Security H1 2025, underlining the risks to uninterrupted operations. Even brief downtime can have severe consequences. On average, a DDoS attack costs businesses $6,130 per minute in downtime losses. For SaaS platforms, one attack hits every tenant at once, multiplying the SLA breaches, churn risk, and reputational damage across the entire customer base simultaneously.
  |  By Vinugayathri Chinnasamy
Globally, schools and universities now face over 4,300 cyberattacks per week on average, marking a 40% year-over-year increase and making the education sector a prime target for disruptive DDoS attacks. Most educational institutions operate with lean IT teams responsible for infrastructure, user support, and security. This resource constraint makes it difficult to withstand prolonged or application-layer DDoS attacks that can quickly disrupt learning platforms and administrative systems.
  |  By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, and Nishith Datta, Head of Cybersecurity at Titan, discuss one of the most pressing challenges in modern security: vulnerability patching in the age of AI. As AI accelerates both the scale and sophistication of attacks, traditional patching cycles are no longer enough. Nishith shares his frontline perspective on how enterprises securing omnichannel consumers must rethink their approach to exposure management.
  |  By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, and Nishith Datta, Head of Cybersecurity at Titan, break down one of the biggest myths in retail cybersecurity, especially in the era of omnichannel distribution channels. As digital and physical experiences evolve, securing consumer journeys is no longer straightforward. Nishith shares his frontline perspective on why traditional assumptions around retail security fall short, and what organizations must rethink to stay resilient.
  |  By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about building a security-first culture across the organization. They discussed how cybersecurity is no longer limited to IT, and why embedding security into every business function is critical. Watch this video to learn how HDB Financial Services has made cybersecurity a shared responsibility across teams.
  |  By Indusface
In this webinar, the Indusface team shares practical insights on selling modern application security solutions more effectively. The session covers recent product updates, positioning strategies, competitive differentiation, and common customer challenges faced in today’s cybersecurity landscape. Key takeaways include.
  |  By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how leadership expectations from cybersecurity are evolving. They discussed how boards today are looking beyond traditional security metrics, with a sharper focus on third-party risk, data governance, and organizational resilience.
  |  By Indusface
In this episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, spoke with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), about how AI is reshaping the cyber threat landscape. They discussed how attackers are now leveraging AI to launch more sophisticated phishing campaigns, automate malware, and scale attacks faster than ever before. As AI lowers the barrier to entry, the speed and complexity of attacks continue to increase, making it harder for organizations to keep up.
  |  By Indusface
Vulnerability scanning is useless if you don’t fix what you find. This short breaks down a practical vulnerability remediation process to prioritize risk, patch faster, and reduce real-world exposure. Learn how security teams move from detection to closure, without months of backlog.
  |  By Indusface
In this week's episode of Guardians of the Enterprise, Ashish Tandon, Founder & CEO, Indusface, speaks with Madhur Joshi, CISO at HDB Financial Services (part of the HDFC Group), on how large financial institutions are navigating a rapidly evolving cyber threat landscape. The conversation covers the rise of AI-driven attacks, Cybercrime-as-a-Service (CaaS), and the growing complexity that comes with expanding digital footprints across cloud, applications, and APIs.
  |  By Indusface
A critical vulnerability known as Metro4Shell (CVE-2025-11953) has been identified in the React Native Metro development server, enabling unauthenticated remote code execution when exposed beyond localhost. Active exploitation is already underway, with attackers targeting exposed development environments to gain system-level access. For more insights on website and API security fundamentals, subscribe to our newsletter.
  |  By Indusface
Learn the core requirements of NIST CSF 2.0, why they matter, and how they help organizations strengthen cybersecurity posture and risk management.
  |  By Indusface
A lot of vulnerabilities notoriously registered themselves in the Internet hall of fame, continuing to haunt giant organizations. When so much is happening around, we are sure you would have missed out on some of the key stories. Read this eBook to stay updated on everything important.
  |  By Indusface
With the rapid explosion of APIs and the huge exchange of information through them, every organization should be concerned about how secure these APIs are. Download this whitepaper to understand the evolving cyber threats to APIs and how to mitigate them.
  |  By Indusface
Bots are everywhere in today's technology. The fundamental challenge is to detect and block the malicious bots that could destroy your business. Download our whitepaper to understand the importance of a good bot management solution.
  |  By Indusface
Web-based attacks are the most common attack faced by many businesses regardless of size. Want to identify the vulnerabilities most prevalent to your business and mitigate them?
  |  By Indusface
Whatever the reason behind DDoS attacks, they are here to stay, and almost anyone can become a victim. The key to addressing them is the DDoS mitigation plan that organizations have in place.
  |  By Indusface
In this time of increasingly complex cyber-attacks, you should look across multiple security vulnerabilities to investigate and mitigate risks and keep your organization safe. This eBook reviews real security attacks that have exploited vulnerabilities and provides a synopsis of facts and fixes.
  |  By Indusface
Managed WAF is the best solution available to protect applications from attacks. In this whitepaper, we explore why this is the case and how a WAF can be effectively deployed to ensure better efficacy.
  |  By Indusface
Website vulnerabilities have become a security nightmare for most businesses. Whether you're an entrepreneur, a CIO, a director of security, a CTO, or something in between, understanding and evaluating risks is critical. And that's exactly where this eBook can help you.

Secure web applications & APIs with ease. Get fully managed web app firewall & scanner to prevent DDoS & Bot attacks.

Indusface is a SaaS company that secures critical Web applications of 3000+ global customers using its award-winning platform that integrates a Web application scanner, Web application firewall, CDN, and threat information engine. Indusface is funded by Tata Capital Growth Fund.

We make it easy for you to secure your Web and Mobile Applications:

  • Managed Web Application and API Protection: Risk-based, fully managed Web Application and API protection with real-time protection against OWASP exploits, DDoS attacks, Bot Mitigation and Zero Day attacks with 24x7 support from security experts.
  • Comprehensive application vulnerability detection: Automated DAST Scanner combined with on-demand Manual Penetration Testing, false positive removal via manual verification with 24x7 support from security experts.
  • Comprehensive Mobile Application vulnerability detection: In depth Pen-testing with multiplatform coverage including iOS, Android, Windows
  • Powerful digital certificates for secure communication: Standard, EV, UCC multidomain & Wildcard certificates for your applications.