Application Security
Dependency mapping: A beginner’s guide
Organizations everywhere use open source to expedite development, lower costs, and improve performance. Our annual State of the Software Supply Chain reports consistently reaffirm that open source comprises up to 90% of ...
Educating the Next Cybersecurity Generation with Tib3rius
In this episode we explore the remarkable journey of Tib3rius, a web application hacking expert and content creator. In this engaging conversation, we discuss: Tib3rius’ passion for community education and content creation ...
Recent Vulnerabilities in Popular Applications Blocked by Imperva
Multiple vulnerabilities in popular and widespread applications have been disclosed recently, tracked as CVE-2023-36845, CVE-2023-40044, CVE-2023-42793, CVE-2023-29357, and CVE-2023-22515. These vulnerabilities, which affect several products and can be exploited to allow arbitrary ...
Why Cool Dashboards Don’t Equal Effective Security Analytics
Mark Twain once said, “Data is like garbage. You’d better know what you are going to do with it before you collect it.” This statement rings true in today’s cybersecurity landscape. Security ...
Navigating SAP Security Notes: October 2023 Patch Tuesday
SAP published seven new and two updated Security Notes for October 2023 Patch Tuesday. Relative to previous SAP Security Patch Day releases, this month’s release contains fewer patches overall and with lower ...
Protecting Against HTTP/2 Rapid Reset
Today, Google disclosed a zero-day vulnerability in the HTTP/2 protocol. Imperva collaborated proactively with Google to gain advanced insights into this vulnerability. After a comprehensive inspection of this vulnerability by Imperva’s Product ...
Configuring and Assigning SAP Authorizations in SAP Fiori Apps
SAP has been implementing a strategy for how users interact with its software for several years. Complex SAP applications are divided into role-based SAP Fiori apps to improve user-friendliness and enhance the ...
SAP Security Audit Log: Recommendations for Optimal Monitoring
The Security Audit Log allows SAP customers to monitor users with extensive authorizations. This is particularly useful for ensuring compliance with both internal security policies and external legal requirements. The SAP standard ...
Execution of Arbitrary JavaScript in Android Application
In this blog, we will learn about the possible ways to find cross-site scripting by abusing JavaScript in Android applications. Cross-site scripting (XSS) in an Android application occurs when an attacker successfully ...
The CVE-2023-5217 Deja Vu – Another Actively Exploited Chrome Vulnerability Affecting a WebM Project Library (libvpx)
By Ofri Ouzan & Yotam Perkal, Rezilion Security Research On September 27th, 2023 Google released an update including 10 security fixes. Notably, one of these fixes, identified as CVE-2023-5217, was highlighted for ...