[–] [deleted] 0 points 0 points (+0|-0) ago 



[–] Man1056 [S] 0 points 0 points (+0|-0) ago  (edited ago)


It played out like a real zero-day scenario. For 2 days, there was no acknowledgement or patch from Magento, and Magento sites were getting infected left and right (they still do). It turned out that it was not a zero-day vulnerability at the end (after 2 days of people asking each other, and utter confusion).

The article is about how to use a web application firewall to block an attack when you do not have an acknowledgment or a patch from the vendor. The idea in the article is to use characteristics of an attack to block further attacks - by using Web Application Firewalls.

A lot of website owners think a WAF is not a necessity. The article is trying to make a point that WAF is necessary.