Articles tagged with: #waf
Setting up a custom Auth Flow with Foundry

CrowdStrike www.reddit.com

Does anyone have experience setting up an integration with a custom auth schema? For reference, I'm trying to get the Akamai WAF template that CS provides OOTB working, but since Akamai only accepts authentication via EdgeGrid and not basic or oauth2, the app breaks when I try to run it. I've tried using functions as a workaround with Python, but I get an error saying "the function is too complex". Am I missing something or is this template just deprecated? submitted by /u/Xboxecho123

Will moving to a less technical position hurt my career?

cybersecurity www.reddit.com

I'm currently a security engineer at a healthcare provider in my region. It's a company that everyone in the country knows, but absolutely nobody outside has heard of. My job is quite flexible and relatively technical. My day-to-day involves maintaining and configuring WAF, XDR, NDR, and some AppSec work. I received an offer from one of the largest banks in Europe for a senior AppSec position. I'll have to move to a HCOL region, but the salary compensates - net I'd receive more than currently,...

Tackling the Modern WAF Challenge: Why Managed WAAP Is the Key to Effective Application Security

LevelBlue Blogs levelblue.com

Organizations today face a continuous struggle to secure their web applications against threats that constantly evolve in the fast-paced digital landscape. The Web Application Firewall (WAF) serves as a primary line of defense against these threats; however, its management challenges often outweigh its security benefits, resulting in organizations not realizing the full value of their security investment. The Reality of Managing a WAF: Organizations use WAFs to stop SQL injections, cross-site...

I hate GCP's cloud armor [or am I just incompetent?]

cybersecurity www.reddit.com

Hey folks, whenever I'm trying to implement a new pre-configured attack rule, I get a ton of false positives. Messing around with the sensitivity, whitelisting random parameters in the pre-configured rules, and keeping a constant eye on logs is taking me too much time to actually implement this WAF in our production. Am I doing anything wrong? How do you folks approach this? Anyone found any ways to automate this god-awful process? submitted by /u/Ok-Article-5521

Researchers Bypassed Web Application Firewall With JS Injection with Parameter Pollution

Cyber Security News cybersecuritynews.com

Cybersecurity researchers have demonstrated a sophisticated technique for bypassing Web Application Firewalls (WAFs) using JavaScript injection combined with HTTP parameter pollution, exposing critical vulnerabilities in modern web security infrastructure. The research, conducted during an autonomous penetration test, revealed how attackers can exploit parsing differences between WAF engines and web application frameworks to execute malicious code

Looking for feedback on an open source tool for multiple WAF management like Cloudflare, AWS and Azure

cybersecurity www.reddit.com

A few months ago, managing WAFs across AWS, Cloudflare, and Azure was a nightmare. Every new CVE meant subscribing to multiple feeds, writing rules, testing them, and deploying carefully. I decided to automate it. The solution: pull CVEs from all major threat feeds automatically; generate WAF rules for each platform; test rules in a sandbox before deployment; deploy to AWS WAF, Cloudflare, Azure, and more. I have attached my GitHub repo and am looking forward to hearing the feedback from you all....

DV, OV and EV TLS Certificates

cybersecurity www.reddit.com

We have a few public-facing applications being proxied through our WAF (Cloudflare), and hence Cloudflare provides and manages the TLS certificate for encrypting traffic between the Cloudflare servers and end-user browsers. We make use of a paid CA service that issues us publicly trusted TLS certificates that we use to encrypt traffic between the origin server and Cloudflare network. Instead of having to pay for these certificates, we were thinking of replacing them with Let's Encrypt...

Job Opportunities

cybersecurity www.reddit.com

I have two job opportunities. One as a security reviewer that has a number of vendors working under you that will do VAPT, DLP and SOC that give you reports, and you have to review applications, WAF & Firewall and involve stakeholders to remediate, or as Senior Network Security Lead at Accenture who will be working on Firewalls, WAF & AWS Security. What would be the best for future career? I have 7 years of experience. submitted by /u/Pristine_Tale_4459

Cybersecurity career doubts - worth sticking with it long term?

cybersecurity www.reddit.com

I'm currently working as a SecOps Engineer with hands-on experience in Qualys, CrowdStrike, Cloudflare WAF, SentinelOne, and a few other tools. Graduated last year and landed my first cybersecurity job this year. Now that I've got around 6 months in the field and as a fresher the pay is less, I'm kind of second-guessing myself. Sometimes I feel like switching to AI/ML, sometimes tech sales, sometimes something completely different. For those who've been in cybersecurity longer... if I stick with...

SafeLine: A Free Zero Trust Web Application Firewall for 2026

Cyber Security News cybersecuritynews.com

Every type of organization - whether it's a multinational giant with thousands of employees or a single tech enthusiast running a homelab - needs a web application firewall (WAF). The reason is straightforward: web applications face constant threats from cyber attacks that can exploit vulnerabilities to steal data, disrupt services, or damage reputation. The costs associated with server resources,