Akamai Diversity

The Akamai Blog

Recently by Or Katz

Or Katz

Or Katz

August 8, 2016 1:45 PM

A Year Later, Clearly "Blackhat SEO" is still Workin ...

A year ago Akamai's Threat Research Team exposed a "Blackhat Search Engine Optimization (SEO)" attack campaign. The goal of the campaign was to manipulate search engines rankings and grow visibility for a web site that allows users to share their cheating and infidelity stories.

Or Katz

Or Katz

February 1, 2016 1:12 PM

Changing the Rules of the Game

A common defensive rule of information security is that once you detect an attack against your organization's Web applications, you must mitigate the attack by stopping it. In other words: "stop it once you can." But what if the rules of the defenders vs. attackers "game" have changed and the teams are not playing in the same league anymore? For example, here are some of the "game" changers from recent

Or Katz

Or Katz

December 14, 2015 11:38 AM

Playing Hide and Seek In the Cloud

When we were young, we had fun playing hide and seek. As 5 year olds there were a limited number of places our friends could hide, and we could methodically check each one and then giggle when we found them. As we grew older, we expanded the boundaries of the game. Today, as security researchers, hide-and-seek is no longer so fun because the boundaries are nearly infinite. How do you

Or Katz

Or Katz

December 2, 2015 1:36 PM

Last of OWASP's Top 10 Still a Potent Threat

Open redirection is the last item on the OWASP Top 10, and it is considered a Web application functionality that can be used by attackers to redirect users from trusted domains to untrusted domains. But it is a potent problem, as Akamai's Threat Research Team discovered in their research on an unusual malicious SEO attack campaign that abused Web applications' open redirect functionality.

Or Katz

Or Katz

August 19, 2015 2:21 PM

The Real Story Behind Cheating Stories? Blackhat SEO

Search Engine Optimization (SEO) campaigns are prevalent and legitimate ways to promote web applications in order to get a better visibility and more traffic to your web application. But what happens when an SEO campaign crosses the line into the dark side and becomes malicious? Recently the Akamai Threat Research Team discovered a highly sophisticated SEO attack campaign that was promoting the search results rating for a web application

Or Katz

Or Katz

July 23, 2015 9:57 AM

How to Tell a Landscaper From a Thief

If I can see a person standing in front of a neighboring house inspecting the windows and the doors, should I call the police? Maybe it is the air-condition technician looking for the best place to install a new air-condition unit, or maybe it is a robber doing reconnaissance and checking what is the easiest way to get into the house. It is hard to tell! Now what if

Or Katz

Or Katz

May 29, 2015 6:17 AM

Mobilizing SQL Injection Attacks: Same Pig, New Lips ...

In the past years we have seen an increase in distributed attacks against web applications. By using many attacking resources to target the same destination, attackers are obscuring their identity while boosting attack bandwidth, placing a greater challenge to defensive forces. Most of the distributed attacks use "volumetric" methods such as Distributed Denial of Service (DDoS) or brute force techniques such as "slow and low" to attack web applications.

Or Katz

Or Katz

May 15, 2015 10:48 AM

OWASP AppSec Europe 2015

This Year AppSecEU will be hosted in Amsterdam, Netherlands 19 - 22 May and Akamai Threat Research Team will be on stage.

Or Katz

Or Katz

April 8, 2015 11:50 AM

Long Live the Botnet

Botnets are, in many ways, living organisms. They are formed by their creators - both malicious and benign - and then roam the internet. Much has been written about good and bad bots, but not much as been written about the lifecycle of the bot. Do Bots die? If so, when? What is the average life-span of a good bot? A bad bot?