Network Computing is part of the Informa Tech Division of Informa PLC

Review: Web Application Firewalls

Think you know what Web sites are running on your servers? So did we. Then we started testing Web application firewalls and saw requests coming in for a site we didn't recognize--and which, by the way, was vulnerable. We assumed a vendor had left old data on an appliance under test, but all the vendors we asked insisted this was not the case. So we did an NSLOOKUP, and lo and behold, discovered one of our programmers was running a nonprofit Web site on our development server.

Heed the voice of experience--if you want to know exactly what's going on with your Web servers, a Web application firewall, or WAF, is worth every penny. Available in software or appliance form, WAFs work at the application layer, using deep-packet inspection to reveal the inner workings of Web applications while thwarting attacks made possible by insecure programming.

We invited WAF appliance vendors to send gear to our Syracuse University Real-World Labs®. We specified that products must inspect HTTP traffic and make decisions at the application layer to detect and stop common Web attacks, including SQL injection, buffer overflows, form-field manipulation, session hijacking, path traversal and forceful browsing.
