Over 100 million people affected in Capital One’s breach, 147 million in Equifax – two of the biggest in an ever-growing line-up of attacks through web application firewalls that are used to protect consumer-facing apps. Here, Eyal Wachsman, CEO of Cymulate and Will LaSala of OneSpan share their insights…
Eyal Wachsman, CEO of Cymulate, believes the problem lies in the failure to make minor configuration improvements, which leads to catastrophic consequences. For Equifax, that cost is now estimated at $1.4B:
“When not configured properly, attackers may be able to perform SQL injections, arbitrary command injections and other attacks such as XSS. When successful, these attacks enable threat actors to bypass the WAF, reaching the application’s back-end server or dumping the database of the application. With Capital One, the misconfiguration enabled the attacker to use three commands to access, list and copy or sync the folders. If configured properly, the WAF would have blocked these commands.”
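To make the configuration point above concrete, here is an added illustration (not code from the article, Cymulate or OneSpan) of a toy WAF policy engine. It contrasts a permissive policy (detect-only mode, no parameter schema) with a stricter one (blocking mode plus a per-path parameter allowlist) over constructed sample requests. The rule patterns, policy names and request samples are all assumptions made for this example; real rulesets such as the OWASP Core Rule Set are far larger.

```python
import re
from dataclasses import dataclass, field

# Constructed, deliberately small signature set. A production WAF ships
# hundreds of such rules; these exist only to show the policy mechanics.
RULES = {
    "sqli": re.compile(r"(?i)\bunion\b.*\bselect\b|\bor\b\s+\d+\s*=\s*\d+|--\s*$|;\s*drop\b"),
    "cmdi": re.compile(r"(?:;|\||&&)\s*\w+|\$\(|`"),
    "xss": re.compile(r"(?i)<\s*script\b|on\w+\s*=|javascript:"),
}


@dataclass
class WafPolicy:
    """Hypothetical policy object: mode, enabled signatures and optional schema."""
    mode: str = "detect"                      # "detect" only logs; "block" rejects
    enabled_rules: set = field(default_factory=set)
    # path -> {parameter name: regex the whole value must match}
    param_allowlist: dict = field(default_factory=dict)


def inspect(policy: WafPolicy, path: str, params: dict):
    """Return (action, findings) for one request.

    findings is a list of (reason, parameter) tuples; action is "block" only
    when the policy is in blocking mode AND at least one finding exists.
    """
    findings = []
    for name, value in params.items():
        allowed = policy.param_allowlist.get(path)
        if allowed is not None:
            # Positive security model: anything not in the schema is rejected
            # before any signature is consulted.
            pattern = allowed.get(name)
            if pattern is None or not re.fullmatch(pattern, value):
                findings.append(("schema", name))
                continue
        # Negative security model: sorted() keeps the finding order stable.
        for rule in sorted(policy.enabled_rules):
            if RULES[rule].search(value):
                findings.append((rule, name))
    action = "block" if findings and policy.mode == "block" else "allow"
    return action, findings


# Weak configuration: every signature is on, but the WAF never blocks.
WEAK_POLICY = WafPolicy(mode="detect", enabled_rules={"sqli", "cmdi", "xss"})

# Corrected configuration: blocking mode, and /account only accepts a numeric id.
STRICT_POLICY = WafPolicy(
    mode="block",
    enabled_rules={"sqli", "cmdi", "xss"},
    param_allowlist={"/account": {"id": r"\d{1,10}"}},
)

if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("/account", {"id": "42"}),
        ("/account", {"id": "1 OR 1=1"}),
        ("/search", {"q": "x' UNION SELECT password FROM users"}),
    ]
    for label, policy in (("weak", WEAK_POLICY), ("strict", STRICT_POLICY)):
        for path, params in samples:
            print(label, path, params, "->", inspect(policy, path, params))
```

Running the script shows the difference the article's quote is about: the weak policy reports findings for both malicious samples but still returns "allow", while the strict policy blocks them, and the benign numeric id passes under both.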
The full article is available from The Fintech Times.