AWS WAF, a widely used security tool from Amazon Web Services, is a web application firewall designed to safeguard web application servers against various online threats. The tight integration of AWS WAF with key AWS services, including Amazon CloudFront CDN, Application Load Balancer (ALB), and Amazon API Gateway, ensures a comprehensive security approach. AWS WAF can also protect services offered by other providers as long as the content is delivered via the CloudFront distribution network.

Data breaches and their immediate impact on the organization are widely publicized. But what happens after the breach, especially with the breached credentials such as usernames and passwords? The breached credentials are often sold in the black market or leveraged by the attacker to attack the same or other organizations. This leads to credential stuffing attacks, where the stolen credentials are reused on different websites.

Cross-Site Scripting (XSS) is a security vulnerability that allows an attacker to inject malicious code into a web page viewed by other users, usually in a script. When other users view the compromised page, the injected code can execute and steal sensitive information or perform malicious actions on their behalf. This attack typically targets web applications that allow user-generated content or input, such as message boards, comment sections, or search boxes.

We’re excited to announce that Indusface has once again been recognized as a 2024 Gartner® Peer Insights™ Customers’ Choice for Cloud Web Application and API Protection (WAAP) for three consecutive years. What’s more, with a rating of 4.9, Indusface is the highest-rated WAAP and the only vendor to achieve a 100% customer recommendation rating, as reviewed by 102 large enterprises and midsize businesses worldwide.

Get Android & iOS App Penetration Testing Checklists with OWASP Mobile Top 10 Securing mobile applications poses distinct challenges compared to websites. Mobile apps require specialized attention with risks ranging from secure data transfer to device-specific vulnerabilities. Businesses need the right resources and guidance to protect their mobile applications. The OWASP Mobile Top 10 is a good starting point as it outlines the risks and provides actionable tips for mitigating risks.

Web applications are crucial for business growth but are often targeted by cyber attackers. In 2023 alone, over 6.8 billion attacks were blocked across 1400 web applications, underscoring the growing threat. One mitigation measure to shield your business’s critical websites and applications is blocking malicious traffic with a WAF or a WAAP, as what the category is called now. Deploying Cloud WAF is just the beginning. To achieve top-notch security, a managed solution is essential.

Vulnerabilities are everywhere and often exploited. For example, in 2023, over 29,000 critical and high vulnerabilities were discovered across approximately 1,400 applications. The dynamic and evolving attack surfaces make it harder to protect against these threats. When the attack surface gets bigger, so does the risk of cyber attacks. This blog delves into what an attack surface is and recommends best practices in attack surface reduction.