Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Indusface WAS URL Verification - Metatag Method

Dec 22, 2023 By Indusface In Indusface
Verifying ownership is crucial when adding a new website to Indusface WAS. Before conducting a vulnerability scan on your website or app, confirming ownership of the application or domain is essential to prevent unauthorized access. For URL Verification on Indusface WAS, you can use any of the below methods: Learn how to verify your URL ownership using the Meta Tag method. This method provides a secure and efficient way to gain authorization before initiating scanning activities.
View Video
indusface

Apache Struts 2 Vulnerability CVE-2023-50164 Exposed

Dec 21, 2023 By Mohammed Ansari In Indusface
On December 7th, 2023, the Apache Struts project disclosed a significant vulnerability, CVE-2023-50164, in its Struts 2 open-source web framework. Rated at a critical CVSS score of 9.8, this flaw resides within the framework’s file upload logic. Exploiting this vulnerability empowers attackers to manipulate upload parameters, potentially leading to arbitrary file upload and, under specific conditions, code execution.
Read Post
indusface

LLMs, Quantum Computing, and the Top Challenges for CISOs in 2024

Dec 18, 2023 By Vinugayathri Chinnasamy In Indusface
Amidst the ongoing surge in cyber threats, CISOs are encountering increasing challenges in their responsibilities. During a recent CISO Panel Discussion on Application Security hosted by our CEO, Ashish Tandan, CISOs Kiran Belsekar from Aegon Life and Manoj Srivastava from Future Generali expressed concerns about managing security postures and shared actionable strategies to tackle evolving threats.
Read Post
indusface

Understanding the Zimbra Cross-Site Scripting Flaw (CVE-2023-37580)

Dec 18, 2023 By Pavan Bushan Reddy In Indusface
On November 16, 2023, Google’s Threat Analysis Group revealed an alarming vulnerability in Zimbra Collaboration—a reflected cross-site scripting (XSS) vulnerability assigned CVE-2023-37580. The Zimbra Collaboration Suite (ZCS) is a software platform that combines email, calendar, contacts, file sharing, and other collaboration tools into a single integrated package. The CVE-2023-37580 allows an attacker to inject a malicious script directly into the URL parameter.
Read Post

Live API Attack Simulation

Nov 29, 2023 By Indusface In Indusface
“We have an API gateway, and the strong authentication & authorization keeps us secure.” This notion could cost you a databreach, a compliance fine or even application downtime that may erode customer trust. In this webinar, Karthik Krishnamoorthy, CTO and Vivekanand Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.
View Video
indusface

API Security Standards and Protocols: A Primer

Nov 22, 2023 By Phani Deepak Akella In Indusface
Recent API breaches drive home the urgency of robust security. In the T-Mobile data breach, for example, the attackers exploited vulnerabilities in an API to compromise sensitive customer data. This incident exposed millions of users to potential identity theft and underscored the devastating impact of API security lapses. Infiltrating through the API, the attackers gained unauthorized access to customer records, emphasizing the need for comprehensive protection measures.
Read Post
indusface

DDoS Attack Mitigation Playbook for SOC and DevOps Teams

Nov 21, 2023 By Phani Deepak Akella In Indusface
One in two sites on AppTrana WAAP have faced a DDoS attack in the last 90 days. Most of those attacks were thwarted using a combination of machine learning on user behaviour and granular rate limits at URI, IP, and Geo levels. For SOC teams who don’t have an advanced behavioural DDoS mitigation tool like AppTrana at their disposal, this blog covers basic mitigation measures that can thwart the most simple and medium-severity DDoS attacks.
Read Post
indusface

Top 5 Fastly WAF Alternatives in 2023

Nov 9, 2023 By Vivek Gopalan In Indusface
Fastly WAF is a hybrid SaaS solution powered by Signal Sciences. With innovative features like context-based detection through SmartParse, it significantly reduces false positives. Fastly states on its website that over 90% of its WAAP deployments are configured in a blocking mode, a unique achievement matched only by AppTrana and Imperva within the WAAP market.
Read Post

B2B Firms & Compliance with The Digital Data Protection Act 2023 | Srikanth (CEO - Perfios)

Nov 7, 2023 By Indusface In Indusface
Overview: In this SaaSTrana podcast, Srikanth Rajagopalan (CEO - Perfios Account Aggregation Services (P) Ltd) talks to Venky about the importance of data security for B2B (SaaS) companies and the implications imposed by the Digital Data Protection Act 2023 in case of a data breach. Furthermore, Srikanth explains how focusing on data security can benefit organizations in the long run by giving them a competitive edge and building customer trust.
View Video
indusface

What is an API Gateway? - Definition, Benefits and Limitations

Nov 3, 2023 By Vinugayathri Chinnasamy In Indusface
An API Gateway is a mediator between the client and the collection of backend services. It accepts all API calls and routes them to one or more appropriate backend services. It doesn’t stop there; it aggregates appropriate data/ resources and delivers it to the user in a unified manner. Placed in front of the API/ group of microservices, the API gateway is the single-entry point for all API calls made to and executed by the app.
Read Post

Copyright © 2026 OpsMatters™. All rights reserved.