Imperva analyzes LulzSec’s attack tool
In its latest Hacker Intelligence Initiative report, Imperva analyzes remote and local file inclusion (RFI/LFI) attacks as favored by LulzSec.

 

Imperva suggests a number of ways to mitigate RFI/LFI attacks. These include finding your own vulnerabilities using the same methods as the hackers: dorking (otherwise known as ‘Google hacking’, which uses search engines to find hints of possible vulnerabilities), and the use of both commercial and free vulnerability scanners.

 

Also useful would be a web application firewall (WAF) and blacklisting known attack IPs. The report also notes that the application code can be written to exclude RFI attacks, so detailed code review is advisable.
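A code-review aid for the last point, as an added example that is not taken from the Imperva report: a heuristic Python pass over PHP source that flags `include`/`require` statements whose path carries request input, directly or through a variable. PHP as the target language, the function names and the sample source are assumptions constructed for illustration.

```python
import re

# PHP statements that load and execute another file.
INCLUDE_RE = re.compile(r'\b(?:include|require)(?:_once)?\b\s*\(?(?P<arg>[^;]*);')
# Request-controlled superglobals.
SOURCE_RE = re.compile(r'\$_(?:GET|POST|REQUEST|COOKIE)\b')
ASSIGN_RE = re.compile(r'^\s*(?P<var>\$\w+)\s*=\s*(?P<expr>[^;]*);')
VAR_RE = re.compile(r'\$\w+')
INDEX_RE = re.compile(r'\[[^\]]*\]')

# Constructed sample: two unsafe includes and one allowlisted include.
SAMPLE = """<?php
// Pattern 1: request parameter used directly as the include path
include($_GET['page'] . '.php');
// Pattern 2: same flaw through an intermediate variable
$tpl = $_REQUEST['tpl'];
require_once $tpl;
// Pattern 3: request value only selects an entry from a fixed map
$pages = array('home' => 'home.php', 'about' => 'about.php');
$key = isset($_GET['p']) ? $_GET['p'] : 'home';
$file = isset($pages[$key]) ? $pages[$key] : 'home.php';
include(__DIR__ . '/pages/' . $file);
"""

def is_tainted(expr, tainted):
    """True if expr carries request data other than as an array index."""
    # Heuristic: a value used only as a key into a fixed array selects
    # from an allowlist, so index expressions are dropped before checking.
    expr = INDEX_RE.sub('', expr)
    if SOURCE_RE.search(expr):
        return True
    return any(v in tainted for v in VAR_RE.findall(expr))

def review_php(source):
    """Return (line_no, statement) for includes fed by request input."""
    tainted, findings = set(), []
    for no, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(('//', '#', '*')):
            continue  # skip comment lines
        assign = ASSIGN_RE.match(line)
        if assign:
            if is_tainted(assign['expr'], tainted):
                tainted.add(assign['var'])
            else:
                tainted.discard(assign['var'])  # reassigned to a safe value
        inc = INCLUDE_RE.search(line)
        if inc and is_tainted(inc['arg'], tainted):
            findings.append((no, line.strip()))
    return findings
```

Running `review_php(SAMPLE)` reports the statements on lines 3 and 6 and leaves the map-based include on line 11 alone; findings are candidates for manual review, not a substitute for it.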