Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


Black Box Security Testing - Process, Types and Techniques

With cybercrime costs projected to hit $10.5 trillion by 2025, securing digital assets is more critical than ever. Black box testing in security has become a key strategy for organizations to identify vulnerabilities in software and systems proactively. This blog delves into the essential role of black box security testing in mitigating risks along with its various types and techniques.

CVE-2024-4577 - A PHP CGI Argument Injection Vulnerability in Windows Servers

On June 7, 2024, a new critical PHP vulnerability CVE-2024-4577 was revealed, mainly impacting XAMPP on Windows. It happens when PHP runs in CGI mode with specific language settings, like Chinese or Japanese. The problem comes from how PHP handles certain characters, allowing attackers to inject code through web requests and take control of servers. This vulnerability, if exploited, could lead to the execution of arbitrary code, a scenario with severe consequences for system integrity and data security.

Account Takeover, SQL Injection and DDoS Attack Simulation on APIs

Overview: According to TechTarget, 94% of organizations experience security problems in production APIs, and one in five suffers a data breach. The primary reason is that most tech leaders assume that having a strong authentication and authorisation framework is enough to secure APIs. As a result, cyberattacks on APIs increased from 35% in 2022 to 46% in 2023, and this trend continues to rise. Join Karthik Krishnamoorthy, CTO and Vivekanand Gopalan Gopalan, VP of Products at Indusface, in this webinar as they demonstrate how APIs can be hacked.

AWS WAF vs. AppTrana WAF

AWS WAF, a widely used security tool from Amazon Web Services, is a web application firewall designed to safeguard web application servers against various online threats. The tight integration of AWS WAF with key AWS services, including Amazon CloudFront CDN, Application Load Balancer (ALB), and Amazon API Gateway, ensures a comprehensive security approach. AWS WAF can also protect services offered by other providers as long as the content is delivered via the CloudFront distribution network.

11 Best Practices for Preventing Credential Stuffing Attacks

Data breaches and their immediate impact on the organization are widely publicized. But what happens after the breach, especially with the breached credentials such as usernames and passwords? The breached credentials are often sold in the black market or leveraged by the attacker to attack the same or other organizations. This leads to credential stuffing attacks, where the stolen credentials are reused on different websites.

What is Cross-Site Scripting (XSS)? Types of XSS, Examples, and Patching Best Practices

Cross-Site Scripting (XSS) is a security vulnerability that allows an attacker to inject malicious code into a web page viewed by other users, usually in a script. When other users view the compromised page, the injected code can execute and steal sensitive information or perform malicious actions on their behalf. This attack typically targets web applications that allow user-generated content or input, such as message boards, comment sections, or search boxes.

Launching SwyftComply on AppTrana WAAP

Overview: Periodic security audits and compliance requirements have been a major source of stress for IT and security leaders. Especially as they demand a clean, zero-vulnerability report every 6-12 months in highly regulated industries. That is a big challenge in the face of hundreds of open vulnerabilities and zero-days. With this in mind, we have launched, SwyftComply on AppTrana WAAP. With SwyftComply, you’ll be able to get a clean, zero-vulnerability report within 72 hours.

Top 15 DDoS Protection Best Practices

In 2021, Amazon suffered a financial setback of around $34 million due to a one-hour system outage that led to a considerable loss in sales. Meta suffered a loss of nearly $100M because of Facebook’s 2021 outage. The consequences of downtime can be severe, and businesses of all sizes and governments can be affected. A DDoS attack can bring a business to a complete standstill for hours, leading to a substantial loss in revenue.

Indusface Recognized as a 2024 Gartner Peer Insights Customers' Choice for Cloud WAAP

We’re excited to announce that Indusface has once again been recognized as a 2024 Gartner® Peer Insights™ Customers’ Choice for Cloud Web Application and API Protection (WAAP) for three consecutive years. What’s more, with a rating of 4.9, Indusface is the highest-rated WAAP and the only vendor to achieve a 100% customer recommendation rating, as reviewed by 102 large enterprises and midsize businesses worldwide.

Critical OWASP Mobile Top 10 2024 Vulnerabilities [+Mobile App Pen-testing Checklists]

Get Android & iOS App Penetration Testing Checklists with OWASP Mobile Top 10 Securing mobile applications poses distinct challenges compared to websites. Mobile apps require specialized attention with risks ranging from secure data transfer to device-specific vulnerabilities. Businesses need the right resources and guidance to protect their mobile applications. The OWASP Mobile Top 10 is a good starting point as it outlines the risks and provides actionable tips for mitigating risks.