
More Posts

Integrating the Ambassador Edge Stack with the Signal Sciences Web Application Firewall

With a new integration between the Ambassador Edge Stack, the most popular Kubernetes-native API gateway, and Signal Sciences WAF, platform teams can now further…

Sick of high WAF costs?
So are we.

A rapidly growing theme for essentially every CISO I’ve been speaking with these days is: how do we get more…

Signal Sciences Introduces Advanced Rate Limiting for Fast, Easy Protection Against Advanced Web Attacks

Signal Sciences is excited to announce the availability of new advanced rate limiting features that extend our customers' ability to…

My Top Five Cyber Security Books

Over the last two years, I’ve read 25+ cyber security books to invest in understanding as many parts of our…

Web Application Security Without Organizational Resistance

As software-defined networks have replaced the monolithic, server-to-server communication paths of networks’ past, web application firewalls (WAFs) have become staples…

How Next-Gen WAF Empowers the DevOps Lifecycle

Signal Sciences next-gen WAF can send and receive data to and from a wide range of security and DevOps tools…

Preventing Server Side Request Forgery (SSRF)

Reflecting on the use of SSRF in the Capital One Breach: One of the most notable breaches of 2019 was…

Application Layer Protection for Istio Service Mesh

Today, Signal Sciences announced another industry-first: the launch of our next-gen WAF integration with Istio service mesh. As development teams…

Protecting WebSocket Protocol Apps and APIs with Signal Sciences

The 4.2 release of the Signal Sciences agent introduces WebSocket traffic inspection, enabling customers to extend the coverage of applications,…

Security is a Shared Responsibility

One of the core tenets of National Cybersecurity Awareness Month this year is “Secure It.” But what is “it” exactly?…

Championing Visibility and Reducing Uncertainty with Effective Product Design

Sean Dillingham, Director of Product Design at Signal Sciences, has a mission: to make the best appl...

HTTP Request Smuggling Detections

I’m excited to announce the ability of Signal Sciences to detect HTTP Request Smuggling attempts! For customers implementing modern, multi-tiered…

Protecting Valuable Personal Health Information (PHI)

There’s no way around it: medical care impacts us all. Even in good health, we cannot predict accidents and emergency…

The 3-Layered Cake: Deploying Signal Sciences in Kubernetes

Examples of common install patterns of Signal Sciences in Kubernetes. The Many Flavors of Kubernetes: Recently I have found that…

Strengthening Your Defenses Against API Abuse

Application Programming Interfaces (APIs) are an intermediary framework that enable applications to communicate and exchange data with one another. As…

Keep Doing What You’re Doing!

I got this follow up text from a CISO I had dinner with last night and it’s a fitting message…

Virtual Patching the Signal Sciences Way

Virtual Patches: Security Duct Tape. Let’s get serious for a minute. Virtual Patching is Cyber duct tape. Originally coined by…

Real-time Web Layer Threat Investigation and Remediation with Cisco Threat Response

The Challenge of Limited Web Layer Attack Visibility: Over the past decade we’ve seen companies of al...

Signal Sciences Launches Next-Gen WAF Support for Envoy

Today we’re excited to announce that we’ve broadened our integrations by supporting Envoy in limited...

Signal Sciences Launches Cloud WAF for Easy Web Application Security

Today we are proud to announce the launch of the new Signal Sciences Cloud Web Application Firewall ...

The Ugly Truth of Retail Fraud and Account Takeovers

Human nature can be very ugly to witness, especially when the resulting damage is self-inflicted. Th...

Testing CVE Mitigation in Web Apps

Modern Software Architectures Require Modern Web Security

There’s just no way around it: legacy web application firewalls are struggling to keep up in a lands...

Modern Web Security Meets Modern Load Balancing with NGINX

NGINX Certifies Signal Sciences Dynamic Module: DevOps, microservices, hybrid and multi-cloud are fue...

A Visual Guide to Cloud Native Security Challenges

Security industry reports are great at providing necessary context around complex topics. We read pl...

The WAF Appliance Struggle is Real in a Cloud Native World

The Trabant, a once popular car in the former Eastern Germany, is emblematic of both inferior techno...

Protecting Financial Applications at Scale

Picture this: you’ve found the perfect home, but need financing. You select a lender online and begi...

Visualizing Attack and Signal Trends Across Your Sites

We’re excited to announce the launch of the new overview page for your entire organization. As the c...

Cloud Native Security Challenges and Opportunities

Cloud computing is often the cornerstone of digital transformation efforts, and with the growth of c...

Expanding Power Rules with Shareable Lists

‘Tis the season of cool. Cooler temperatures, cool gifts, and cool holiday sweaters. To stay on them...

Seven Ways to Deploy Signal Sciences in Kubernetes

Sports coaches used to rely on paper playbooks to review strategy with their teams. Now, many levera...

Why Customers Choose Signal Sciences

We ask our customers early and often why they chose us as their next-gen WAF and RASP technology of choice.…

Delivering a better WAF—Faster

At Signal Sciences, we’re in the business of reimagining the WAF and our purpose is to redeem the goal it…

Surfacing Key Indicators of Account Takeovers

Account takeover (ATO) is a threat to any organization that conducts financial or e-commerce trans...

The Pros and Cons of RASP in 8 Minutes

There are two concerning data points in application security today. First, the Verizon Data Breach I...

Dear RASP: We Need to Talk About the Friction in Our Relationship

Dear RASP, It is finally time for me to write you this letter. When we first met you were something…

Listening to Web Attacks Remixed!

Early last year I published a fun tool called sigsci-sounds for users of Signal Sciences — my prior ...

Moar Platform Support: Signal Sciences is Now Available on Kong Hub for Microservices, API, and Serverless Support

The rise of the API Gateway: In the dramatic shift to microservices and APIs to speed up development ...

Security’s Shift Right

Software development has gotten tricky. If you have been in the DevOps game in the past few years, t...

Aggregate Availability Check with Signal Sciences Data

Having the privilege to work with so many great enterprise customers has its benefits. One great benefit is you are…

Auditing Signal Sciences Configuration

Signal Sciences offers tremendous capabilities to defend web applications. I’m not talking just abou...

Introducing go-sigsci: A Go library for the Signal Sciences API

Signal Sciences was built with an API-first design from day one, meaning you can get to all of the d...

Introducing New Product Features: Power Rules and Network Learning Exchange (NLX)

We've just come out of our bi-annual company meeting held at HQ in Culver City, CA and we have excit...

Proactive Update Around the Health of your Signal Sciences Deployment

Signal Sciences Agent Monitoring: In your efforts to defend your network and applications, deploying ...

Capturing Request Logs From Signal Sciences

Logs are important. We need them to investigate, monitor, and analyze. In cybersecurity we have many...

New Event Timeline Helps Teams See Detailed Insights Into Blocked Attacks

Here at Signal Sciences, our Product and Technology teams adhere to three core product principles fo...

Three Ways Legacy WAFs Fail

Ah, the WAF. You might know it by its street name: the web application firewall. It’s a long standin...

RASP Value Is Security Coverage

As a former engineer, I am biased towards getting excited around toys that blink, light up, and are...

Go Development Tools for Testing and Hot Reloading

Those new to the Go language (golang) often are excited about the simplicity, speed and portability ...

Securing Microservices and APIs with NGINX and Signal Sciences

A shift is happening in the tech industry: monolithic web applications are being decomposed into mic...

0 to 100 mph: Accelerating Visibility for Application Security

In a drag race, how quickly you get off the line sets the tone for the race. From there it is all ab...

Business Logic Flaws

Protect Your Unique Snowflake from the Dark Side: I haven’t always been a “business” guy. As a mat...

‘Security is not a Binary Event’ and other Truisms of Modern Security

Off. On. Hacked. Not hacked. Safe. Vulnerable. It is easy to think in these terms because it allow...

Web Application Security: The New Way Forward

The Web Application Firewall (WAF). It’s tech that never really was. That statement might upset some...

About Signal Sciences Labs

Signal Sciences Labs is the research and tech behind Signal Sciences and their Next-Gen Web Applicat...

System Clock Skewed? Read this Post, Especially if You Don’t Have Time

“Time keeps on slippin’ slippin’ slippin’, into the future” -“Fly Like An Eagle”, The Steve Miller B...

Why Logs aren’t Enough for Security

Logs. We love them. We hate them. We can’t collect enough of them. We collect too many. We save them...

Using Signal Sciences with Kubernetes

One of the questions I hear regularly from customers is how to include Signal Sciences with some of ...

Listening To Web Attacks

Note: this tool has been updated from the details below. Read the updated 2018 information on sigsci...

Getting Started With HoneyPy — Part 3

In my last post, Getting Started With HoneyPy — Part 2, I covered honeypot services and HoneyPy’s se...

Getting Started With HoneyPy — Part 2

In my last post, Getting Started With HoneyPy — Part 1, I covered getting HoneyPy up and runn...

Getting Started With HoneyPy — Part 1

In my last post, Introduction to HoneyPy & HoneyDB, I covered the basics of honeypots and provided a...

Understand Your Risk with Data

Unmodified Original Comic: Scott Adams. The operative word in the definition of risk is potential. P...

Hacking the Hard Way at the DerbyCon CTF

DerbyCon in Louisville is one of those conferences that you have to go back to every year. While the...

How to Setup Vim for Golang Development

At Signal Sciences we use golang for just about everything. I thought I would write about my local v...

Introduction to HoneyPy & HoneyDB

Last week, I discussed HoneyPy and HoneyDB at Blackhat and Defcon. This week I wanted to dive a bit ...

What is the Difference Between NGWAF, WAF, and RASP?

July 28, 2016 — Lunch & Learn Webinar with Signal Sciences Another Signal Sciences’ Lunch and Learn ...

Avoiding the Dystopian Road in Software

the future… it probably won’t look like this. Security is a largely unchanged area in I...

The Next Frontier of DevOps: Security

the future! it probably won’t look like this… Security is the next frontier of DevOps. It’s a ...

Classy up your curl with curl-trace

We don’t always curl.. but when we do, we curl-trace. Here at Signal Sciences we enjoy ...

More Silo Smashing Ideas, bringing InfoSec and DevOps together

Silo Smashing! (source http://ports.co.za/admin/large/image-587.jpg) Last week I wrote an article on...

Silo Smashing and Feedback Loop Amplification

Photo Credit: MSNBC Media. I have reached the age where friends are getting roles like CISO or Direct...

InfoSec Confession: We protect the wrong things and we slow everything down

One of the secrets of InfoSec is that while we are spending a lot of resources on security professio...

Why DevOps and Product Teams Hate Web Application Firewalls

Welcome to WAF Jeopardy — Where you have the answers and we ask the questions! Here’s some security ...

Security Visibility: If You Can’t See ’Em, You Won’t Stop ‘Em!

Brought to you by Signal Sciences.

DevOps and continuous delivery: Everything you need to know

There are a lot of terms thrown around in modern IT and software engineering organizations: DevOps, c...