This paper, designed for security and compliance professionals, illustrates how to achieve compliance with three of the most costly and complex sections of PCI DSS: requirements 3, 6, and 10. This paper also highlights how Web application and database appliances can deliver resource-effective compliance while maintaining cost efficiency.
Understanding Web 2.0: Technologies, Risks and Best Practices
Feature-rich and interactive Web 2.0 portals can lure customers and increase sales, but without effective security, they can be a hacker's paradise, exposing your business and customers to data theft. This technical brief details the security challenges inherent in Web 2.0 frameworks, including Ajax, collaboration, RSS feeds, and mashups. It also describes best practice techniques and tools to secure your Web 2.0 infrastructure without impacting existing development resources or your site's performance.
Database Security Assessment
The information in this paper helps organizations take the first step toward securing their databases through best practice security assessment. The paper outlines the elements of a best practice database security assessment process and identifies where it fits within a complete database security lifecycle. It also includes brief introductions to the Scuba by Imperva Database Vulnerability Scanner and the SecureSphere Database Security and Monitoring Gateways.
The Hidden Costs of Free Database Auditing
Native database auditing mechanisms are not as inexpensive as they might seem. This paper compares the costs of native database auditing with SecureSphere for a midsized IT datacenter.
The New PCI Requirement: Application Firewall vs. Code Review
The new Payment Card Industry Data Security Standard version 1.1 (PCI DSS v1.1) released in September 2006 contains a brand new Web application security requirement #6.6. This requirement gives you a choice – you can have your code reviewed by an external company or you can install a Web Application Firewall. This paper details the PCI 6.6 requirement, the issues, the products involved, and the costs associated with choosing a code review versus selecting an application firewall.
What Auditors Want – Database Auditing
Give your auditors what they want – the way they want it – with zero impact to your database and staff. Learn the top 5 key requirements for database auditing for SOX, PCI, HIPAA and other regulations. Understand the options to native database logging of Web-based applications, such as Oracle E-Business Suite, PeopleSoft or SAP. Learn more about what auditors want for compliance, so you can make informed choices and deliver.
Imperva Data Security and Compliance Lifecycle
SOX and other regulatory legislation are increasingly expanding formal enterprise audit processes to include information technology (IT) assets, especially databases. Imperva's Data Security and Compliance Lifecycle provides step-by-step best practices for implementing database controls and web application security.
SecureSphere Web Application Security Whitepaper
This paper provides an analysis of the Web and Web services threat environment, followed by a description of how Imperva's SecureSphere™ Web Application Firewall provides a comprehensive and completely automated platform for securing these important IT assets.
SecureSphere Database Security Whitepaper
This paper provides an analysis of the database threat environment, followed by a description of how Imperva's SecureSphere™ Database Security Gateway provides an automated platform for usage assessment, audit and protection for enterprise databases.
The Top 5 On-Line Identity Theft Attacks
When digital thieves impersonate authorized users, everyone loses. On-line identity theft by insiders and outsiders can cost millions in fraud, fines, lawsuits, and customer attrition. Unfortunately, even sophisticated solutions, such as two-factor authorization, can be fooled by digital identity theft attacks. The good news is there are 5 commonly used methods for on-line identity theft. Defend against these, and you will have greatly increased the security of your on-line web application.
Top 10 Database Hacks and How to Stop Them
Corporate databases contain the crown jewels of an organization, which means a break-in, by insiders or outsiders, can cost millions in fines, lawsuits, and customer attrition. The good news is there are 10 commonly used methods to attack databases. Defend against these, and you will have a highly secure database.
SecureSphere SQL Injection Protection Whitepaper
This white paper demonstrates various techniques that can be used to evade SQL injection signatures, and explains why it is not possible to adequately protect an application against SQL injection using signatures alone. The paper also illustrates how SecureSphere can identify and block SQL Injection attacks, even those implementing sophisticated evasion techniques that would fool signature-based security products.
Imperva ROI Whitepaper
When vulnerabilities are discovered in production applications, businesses are forced to implement emergency fixes in custom business applications or install vendor patches to commercial software packages. This paper describes how SecureSphere enables companies to cut costs by reducing or eliminating emergency fix and test cycles.
Google Hacking involves an attacker submitting queries to Google’s search engine with the intention of finding sensitive information residing on Web pages that have been indexed by Google, or finding sensitive information with respect to vulnerabilities in applications indexed by Google.