Tag: waf
-
China-Built SafeLine WAF Gains Global Popularity Among Startups Homelabs
Beijing, China, 14th July 2025, CyberNewsWire First seen on hackread.com Jump to article: hackread.com/china-built-safeline-waf-gains-global-popularity-among-startups-homelabs/
-
Strengthening Compliance: The Role of WAFs in PCI DSS 4.0.1
A properly configured WAF is no longer optional but mandatory, providing organizations with real-time protection against evolving web-based threats while ensuring regulatory compliance. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/07/strengthening-compliance-the-role-of-wafs-in-pci-dss-4-0-1/
-
ModSecurity WAF Vulnerability Enables DoS Using Empty XML Elements
A newly disclosed vulnerability in ModSecurity, a widely used open-source web application firewall (WAF), exposes servers to denial-of-service (DoS) attacks by exploiting a flaw in the way the software parses empty XML elements. The flaw, registered asCVE-2025-52891, affects ModSecurity versions2.9.8 to before 2.9.11and is rated with aCVSS v3 base score of 6.5 (moderate severity). Vulnerability…
-
Cisco warns of critical API vulnerabilities in ISE and ISE-PIC
Tags: access, ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisco, ciso, cloud, communications, control, credentials, data, defense, email, endpoint, exploit, firewall, flaw, framework, guide, Hardware, incident response, malicious, microsoft, mobile, network, penetration-testing, programming, risk, router, saas, sans, service, software, threat, update, vpn, vulnerability, wafroot user.The fault behind both vulnerabilities: Holes in application programming interfaces (APIs).”Take this vulnerability seriously,” said Moses Frost, senior course instructor on cloud penetration testing at the SANS Institute. “In my experience assessing networks, I have found through testing that many lack essential patches and security hardening on their core network devices. I have seen Cisco…
-
Protecting Against Origin Server DDoS Attacks
An origin server DDoS attack (sometimes referred to as direct-to-origin attack) is a technique used to bypass cloud-based DDoS protections such as CDNs and WAFs by targeting the origin server environment directly. Because the malicious traffic avoids the protective proxy layer, it hits the origin server unfiltered, potentially overwhelming systems that are not… First seen…
-
Announcing our Series A – Impart Security
Tags: ai, api, application-security, attack, ceo, ciso, cloud, cve, defense, detection, framework, healthcare, infrastructure, monitoring, risk, saas, technology, threat, tool, vulnerability, wafToday, we’re announcing our $12 million Series A led by Madrona. This funding represents more than capital”, it validates our solution to what I call the ‘last mile problem’ in application security. Here’s a scenario every security professional will recognize: Your team demos an impressive application security tool that catches sophisticated attacks in real-time. The…
-
Securing Against Attacks: How WAF Rate Limiting Works
Rate limiting plays a major role in application security, especially when it is about defending web applications from malicious bot attacks, credential stuffing, brute force attacks and excessive API calls. Rate limiting security ensures that systems function properly without overwhelming them. It controls the number of requests a client or a specific IP address can……
-
Umfassender und von Gartner bestätigter Schutz für Web-Anwendungen und APIs
Check Point Software Technologies gibt bekannt, dass die wichtigsten Anforderungen des aktuellen Gartner-Market-Guide for Cloud-Web-Application and API-Protection (WAAP) erfüllt. Die cloudnative Lösung bietet eine KI-gestützte Sicherheitsarchitektur, die moderne Web-Anwendungen und APIs umfassend schützt von der Entwicklung über den Betrieb bis zur automatisierten Bedrohungsabwehr. In einer zunehmend komplexen Bedrohungslandschaft reichen traditionelle Signatur-basierte WAF-Lösungen […] First seen…
-
Web Application Firewall (WAF) Best Practices For Optimal Security
Web and mobile application code protection is a must-have security control. Modern solutions such as application layer firewall help your organisation to keep those assets protected from threats like SQL injection, cross-site scripting and bot-driven attacks. This is where a Web Application Firewall (WAF) comes into the picture. A WAF has the capability of filtering,……
-
Discover First, Defend Fully: The Essential First Step on Your API Security Journey
APIs power today’s digital economy, but their lightning-fast evolution and astronomical call volumes can leave security teams scrambling to keep up. How can you secure what you can’t yet see or quantify? Imperva’s Unlimited Discovery-Only capability for the Cloud WAF (CWAF) add-On delivers continuous, comprehensive visibility into your entire API landscape without requiring up-front commitment……
-
New ModSecurity WAF Vulnerability Enables Attackers to Crash Systems
A high-severity denial-of-service (DoS) vulnerability (CVE-2025-48866) has been identified in ModSecurity’s Apache module (mod_security2), threatening web application firewall stability. Rated 7.5/10 on the CVSS scale, this flaw enables attackers to crash servers by exploiting argument sanitization logic, with patches now available in version 2.9.10. Sanitisation Logic Flaw The vulnerability stems from ModSecurity’s sanitiseArg action, designed…
-
Evaluating the Security Efficacy of Web Application Firewalls (WAFs)
Web Application Firewalls (WAFs) are now a staple in defending web-facing applications and APIs, acting as specialized filters to block malicious traffic before it ever reaches your systems. But simply deploying a WAF isn’t enough, the real challenge is knowing whether it works when it matters most. Not all WAFs are created equal, and a……
-
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
Tags: application-security, attack, detection, exploit, firewall, github, open-source, waf, zero-dayFrom zero-day exploits to large-scale bot attacks, the demand for a powerful, self-hosted, and user-friendly web application security solution has never been greater.SafeLine is currently the most starred open-source Web Application Firewall (WAF) on GitHub, with over 16.4K stars and a rapidly growing global user base.This walkthrough covers what SafeLine is, how it works, and…
-
Siegeszug von EDR, XDR und WAF – Sind Antivirus und Firewall jetzt wirklich out?
First seen on security-insider.de Jump to article: www.security-insider.de/dynamische-sicherheitsloesungen-wandel-it-sicherheit-2021-a-8e7a03a123dc12ad3b7ebb0622ddadf3/
-
NSFOCUS WAF Selected in the 2025 Gartner® Market Guide for Cloud Web Application and API Protection
Santa Clara, Calif. May 14, 2025 Recently, Gartner released the “Market Guide for Cloud Web Application and API Protection”[1], and NSFOCUS was selected as a Representative Vendor with its innovative WAAP solution. We believe this recognition reflects the technical accumulation and practical capabilities of NSFOCUS WAF in the field of cloud native security protection. Its…The…
-
CVE-2025-4427, CVE-2025-4428: Ivanti Endpoint Manager Mobile (EPMM) Remote Code Execution
Tags: access, advisory, api, attack, authentication, cve, endpoint, exploit, flaw, ivanti, mobile, open-source, programming, rce, remote-code-execution, software, vulnerability, waf, zero-dayRemote code execution vulnerability in a popular mobile device management solution from Ivanti has been exploited in the wild in limited attacks Background On May 13, Ivanti released a security advisory to address a high severity remote code execution (RCE) and a medium severity authentication bypass vulnerability in its Endpoint Manager Mobile (EPMM) product, a…
-
Radware Cloud Web App Firewall Flaw Allows Attackers to Bypass Security Filters
Security researchers have uncovered two critical vulnerabilities in Radware’s Cloud Web Application Firewall (WAF) that enable attackers to bypass security filters and deliver malicious payloads to protected web applications. These flaws, designated CVE-2024-56523 and CVE-2024-56524, highlight systemic weaknesses in how the WAF processes non-standard HTTP requests and user-supplied input containing special characters. The vulnerabilities, disclosed…
-
Independent lab crowns new WAAP product among its leaders
An API security specialist’s newly launched WAAP product outranked more established WAF competitors during independent benchmark testing. First seen on techtarget.com Jump to article: www.techtarget.com/searchitoperations/news/366623596/Independent-lab-crowns-new-WAAP-product-among-its-leaders
-
🚀 Agentic Runtime Protection Rules Makes Us the First Truly Self-Writing Security System – Impart Security
Agentic Runtime Rules: The First Self-Writing Security System for Runtime The End of Manual Security Management Is Here Say goodbye to regex repositories and ticket fatigue”, Impart delivers instant detections and autonomous investigations for security teams. For years, security teams have been trapped in reactive mode. Every investigation, detection rule update, or WAF configuration change…
-
Security without speed bumps: Using WAF simulator to transform DevSecOps workflows
Tags: wafFirst seen on scworld.com Jump to article: www.scworld.com/resource/security-without-speed-bumps-using-waf-simulator-to-transform-devsecops-workflows
-
NSFOCUS WAF New UI Showcase: Brand New Policy and Template Management Workflow
Three-Tier Protection Rules “¢ Basic Protection: Pre-configured, general and popular security rules for out-of-box deployment.”¢ Optional/Advanced Protection: Advanced rules, customized for specific Web/API applications for optimum protection. Basic Protection HTTP Protocol Verification Server Plug-in Crawler Web General Illegal Upload Information Disclosure Semantic Engine Scan Protection Optional Protection HTTP Access Control Sensitive Information Filter Smart Engine…The…
-
Hackers target SSRF flaws to steal AWS credentials
Stricter WAF and switching to IMDSv2 can help: The first and foremost remediation F5 researchers said users should apply is migrating to IMDSv2 from IMDSv1. Post-migration, an attacker would be required to supply a secret via a custom header (X-aws-ec2-metadata-token) for successful exploitation.”This fully mitigates exposure of EC2 Metadata via SSRF as SSRF vulnerabilities do…
-
Hackers attempted to steal AWS credentials using SSRF flaws within hosted sites
Stricter WAF and switching to IMDSv2 can help: The first and foremost remediation F5 researchers said users should apply is migrating to IMDSv2 from IMDSv1. Post-migration, an attacker would be required to supply a secret via a custom header (X-aws-ec2-metadata-token) for successful exploitation.”This fully mitigates exposure of EC2 Metadata via SSRF as SSRF vulnerabilities do…
-
Why traditional bot detection techniques are not enough, and what you can do about it
Bots are often used to conduct attacks at scale. They can be used to automatically test stolen credit cards, steal user accounts (account takeover), and create thousands of fake accounts. Detecting bot activity has traditionally relied on techniques like Web Application Firewalls (WAFs), CAPTCHAs, and static fingerprinting. However, with the First seen on securityboulevard.com Jump…
-
Design, implement, and deploy application protection policies with Cursor Agent – Impart Security
Tags: ai, application-security, breach, business, compliance, data, data-breach, detection, gartner, risk, risk-management, tool, wafIntroducing Impart + Cursor: Truly Autonomous Application Protection Runtime Security Without the Babysitting Security teams can now define application protection policies declaratively in Impart, with Cursor’s agent executing them safely and autonomously, eliminating the need for tedious clickops. Why This Matters Application protection has traditionally been a necessary burden. Security engineers find themselves trapped in…
-
New UI for NSFOCUS WAF V6.0R09F00 Experience a Smoother Site Management
NSFOCUS understands that the Security Operations team is facing increasing threats to their web applications and workloads are rising accordingly, a simple yet easy-to-use WAF has become more important than ever for effective Security Operations. The upcoming NSFOCUS Web Application Firewall (WAF) V6.0R09F00 (hereafter called as 6090) not only comprehensively reconstructs the architecture but also…The…
-
8 Best Application Firewall (WAF) Solutions in 2025
Find the best Web Application Firewall (WAF) solutions to protect your apps. Compare top vendors, features, and deployment options. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/products/top-web-application-firewall-waf-vendors/
-
Imperva Named a Leader in Forrester Wave: Web Application Firewall (WAF) Solutions: A Continued Legacy of Excellence
In today’s digital-first environment, protecting web applications and APIs is a critical priority for businesses. Organisations seek trusted solutions that balance robust protection, scalability, and ease of use. It’s no surprise that Imperva has been named a Leader in the Forrester Wave: Web Application Firewall (WAF), Q1 2025. For us, this recognition further solidifies Imperva’s……