Another day, another data breach — thanks to misconfigured cloud-based systems. This summer’s infamous Capital One breach is the most prominent recent example. The breach resulted from a misconfigured open-source web application firewall (WAF), which the financial services company used in its operations that are hosted on Amazon Web Services (AWS). The misconfigured WAF was […]
A researcher has conducted experiments to #test some of the most popular #web application firewalls (#waf) and see how efficient they are in protecting against cross-site scripting (XSS) attacks. A WAF is an appliance, a plugin or a filter that applies a set of rules to web communications in an effort to block common types […]
Trustwave’s SpiderLabs has announced the availability of version 2.8.0 of ModSecurity, the open-source, cross-platform Web application firewall (WAF) engine for IIS, Apache and Nginx. The latest version comes with status reporting, a JSON request body parser and @detectXSS operator. The list of new features also includes FULL_REQUEST and FULL_REQUEST_LENGTH variables, and SecConnReadStateLimit and SecConnWriteStateLimit directives. […]
Latest Comments