Azure WAF, A Deep Dive: Part 1

A web application firewall (WAF) is a crucial part of a robust security posture. A WAF detects and blocks a wide variety of threats within incoming traffic: cross-site scripting (XSS), code and SQL injection, protocol exploits, and others. The top-tier cloud providers (AWS, GCP, and Azure) all offer web security tools, including WAFs. We’ve previously […]

Securing CI/CD Pipelines in the Cloud

As cloud-based CI/CD pipelines become more popular, organizations are increasingly looking for ways to secure these critical systems. Often the central pillar of automation for DevOps and agile development teams, CI/CD infrastructure can be a very inviting target for attackers. As a result, organizations that depend on cloud-based CI/CD need to be even more diligent […]

AWS WAF: A Deep Dive, Part 3; Capabilities and Limitations

AWS WAF is the foundation for most of the native security capabilities within Amazon Web Services. In this article series, we’re taking a deep dive into this important tool. In Part 1 of this series, we went through an overview of AWS WAF’s capabilities. In Part 2, we discussed AWS WAF and the OWASP Top […]

Web Security and the Cloud Native Ecosystem, Part 2

In a previous article, we discussed some of the benefits of the cloud native ecosystem, especially as represented by the Cloud Native Computing Foundation (CNCF). As the major cloud service providers have expanded their platforms’ capabilities, developers can reduce their workloads by taking advantage of the services they offer. Adding to this, the open source […]

Hybrid and Multi-Cloud: Solving Their Security Challenges

According to a recent global survey of security professionals, 90 percent of their organizations are now using the public cloud. Of these, more than half are using more than one CSP (Cloud Service Provider), so they have adopted multi-cloud architectures. Meanwhile, many organizations are still using on-premise and/or hybrid infrastructure. As cloud providers have expanded […]

On-Premise Web Security in the Modern Environment

Although some organizations have fully migrated to the cloud today, many have not. They retain some, or even all, of their infrastructure on-prem. This often includes their web security solution. While there may be some advantages to retaining servers (for sites, apps, and APIs) on-prem, web security is a different matter. Organizations still running their […]

Traffic Logging and Monitoring in the Cloud

Logging and monitoring are a crucial part of robust web security today. To properly manage traffic and protect an organization’s sites, apps, and APIs, security managers must be able to: see at a glance the volume and composition of incoming traffic; get immediate alerts when anomalous activity is detected; monitor the decisions being made by […]

Bot Management in the Cloud

Most cyberattacks today are waged by bots. Threat actors use bots in a wide variety of ways, including DDoS, ATO (account takeover) attacks, inventory hoarding, input fuzzing, vulnerability scans, and the list goes on. Some of these attacks are common enough that many security solutions include dedicated modules for them (such as DDoS protection and […]

AWS WAF: A Deep Dive, Part 2

When evaluating a WAF, an important consideration is how well it covers the applicable risks defined in the OWASP Top 10 list. OWASP describes this list as “a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.” The first part of […]

How Hackers Attack Your Mobile Apps, Part 3: API Endpoint Vulnerabilities

With a continuously changing threat landscape, application security (AppSec) has emerged as a key process, focusing on integrating safety features into all layers of an application stack. As more organizations have begun publishing native mobile applications, mobile AppSec has become an important consideration in its own right. In the first article in this series (How […]