Although this is a more advanced injection attack, it has been known for some time now (for example, our clients have been protected against JSF**K since we first rolled out). But eBay did not protect against it in one (known) part of its website. As such, eBay’s decision not to act upon Check Point’s warning, while quite surprising, does shed some light on the difficulties that companies, even the largest ones, face in maintaining a strong and up-to-date Web Application Firewall (WAF) to protect their websites and users.
Maintaining the protection of a website becomes a significant challenge as a company grows and the responsibility is distributed amongst individual developers/security experts. The cliché that “a chain is only as strong as its weakest link” takes on a very real and dangerous meaning as each developer is required to keep up with the fast-changing landscape of security threats.
Moreover, reacting to changes becomes increasingly difficult when new threats are discovered and patches need to be quickly deployed across all assets. This challenge is amplified when the complexity of the code base/infrastructure grows and development resources are stretched.
As Reblaze customers know, it is these difficulties (and more) that Reblaze’s service so elegantly solves. By centralizing the protection of a website and placing it in the hands of a dedicated service, with a team of security specialists, you can be assured that you are always protected against the latest threats.