OWASP Top 10 Security Risks – Part V

http://feedproxy.google.com/~r/sucuri/blog/~3/n_c-rH0VcRw/owasp-top-10-security-risks-part-v.html
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:

1. Injection
2. Broken Authentication
3. Sensitive data exposure
4. XML External Entities (XXE)
5. Broken Access control
6. Security misconfigurations
7. Cross Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with known vulnerabilities
10. Insufficient logging and monitoring

In our previous posts, we explained the first eight items on the OWASP Top 10 list. Continue reading OWASP Top 10 Security Risks – Part V at Sucuri Blog.

Free SuperCounters Widget Serves Unwanted Redirects to Dating Site

http://feedproxy.google.com/~r/sucuri/blog/~3/rLlgvCjKfRg/free-supercounters-widget-serves-unwanted-redirects.html
If we navigate way back into the recesses of our memory to the era of GeoCities websites and MySpace pages, we might distinctly recollect the popularity of the visitor-counting widget. Commonly displayed on homepages across the web, these widgets served as credibility indicators to help site visitors identify the popularity of a website. While this feature may have gone out of vogue with current website design trends and advanced analytics tools, these widgets also fell out of favor for bad behavior – from stealing traffic and redirections to planting trojans and malware. Continue reading Free SuperCounters Widget Serves Unwanted Redirects to […]

How to Improve Your Website Resilience for DDoS Attacks – Part III – WAF

http://feedproxy.google.com/~r/sucuri/blog/~3/1rnnYMeifyo/how-to-improve-your-website-resilience-for-ddos-attacks-part-iii-waf.html
In the first post of this series, we talked about the practices that will optimize your site and increase its resilience to DDoS attacks. In the second post, we focused on caching best practices that can reduce the chances of a DDoS attack taking down your site. Today, we are going to emphasize the importance of having a Web Application Firewall.

What is a Web Application Firewall?

A web application firewall (WAF) is a firewall that filters, monitors, and blocks HTTP/HTTPS traffic to and from a web application. Continue reading How to Improve Your Website Resilience for DDoS Attacks – […]

OWASP Top 10 Security Risks – Part IV

http://feedproxy.google.com/~r/sucuri/blog/~3/E9jgMvYCQw8/owasp-top-10-security-risks-part-iv.html
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:

1. Injection
2. Broken Authentication
3. Sensitive data exposure
4. XML External Entities (XXE)
5. Broken Access control
6. Security misconfigurations
7. Cross-Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with known vulnerabilities
10. Insufficient logging and monitoring

In our previous posts, we explained the first six items on the OWASP Top 10 list. Continue reading OWASP Top 10 Security Risks – Part IV at Sucuri Blog.

New Year Tips from Security Professionals

http://feedproxy.google.com/~r/sucuri/blog/~3/_HScAN-gd1E/new-year-tips-from-security-professionals.html
Have you included website security as a part of your new year’s resolutions for 2019? Here is a quick retrospective on tips some of our team members shared with us throughout the year. The cost of neglecting security is 10 times greater than the effort to keep it safe. Your brand value takes 10 times as long to recover as it does to build. Make sure to follow security best practices to protect your web assets. Continue reading New Year Tips from Security Professionals at Sucuri Blog.

My Website Was Hacked on Christmas Eve

http://feedproxy.google.com/~r/sucuri/blog/~3/swgSC61tdaY/my-website-was-hacked-on-christmas-eve.html
Christmas is a wonderful time to spend with family and friends. A lot of kids look forward to opening their presents under the Christmas tree, but not all of them have a present to open. This is why our family started a charity project in 2007 called the Shoebox Project. A few years later, my wife suggested that I create a website to help us spread the word of how people could fill a shoebox with gifts and bring it into a collection center. Continue reading My Website Was Hacked on Christmas Eve at Sucuri Blog.

Sucuri Named December 2018 Gartner Customers’ Choice for Web Application Firewalls

http://feedproxy.google.com/~r/sucuri/blog/~3/bM7LVCzCFaY/sucuri-named-gartner-customer-choice-waf.html
The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewall. Our team takes great pride in this distinction, as customer feedback continues to shape our products and services. In its announcement, Gartner explains, “The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings.” To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate. Continue reading Sucuri Named […]

Clever SEO Spam Injection

http://feedproxy.google.com/~r/sucuri/blog/~3/JpeflwrmRLg/clever-seo-spam-injection.html
It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website.

The Traditional Approach

There are two common approaches attackers use to inject SEO spam on websites:

- Injecting HTML code for concealed elements in theme files
- Injecting fake spam posts in the WordPress database

Both approaches are readily found during Sucuri’s routine remediation process. Continue reading Clever SEO Spam Injection at Sucuri Blog.

Naughty or Nice Websites

http://feedproxy.google.com/~r/sucuri/blog/~3/-8MpJYMQt-c/naughty-or-nice-websites.html
Santa Claus is coming! Was your website naughty or nice this year? Here is a quick checklist of the top 10 bad things that can harm your website security and the top 10 good things that can improve your website security.

Naughty Websites List

If your website falls into any of these categories, this is the perfect time of year to start thinking about improving your security posture.

1 – My website has outdated software.

Continue reading Naughty or Nice Websites at Sucuri Blog.

OWASP Top 10 Security Risks – Part III

http://feedproxy.google.com/~r/sucuri/blog/~3/vzt652EA6XA/owasp-top-10-security-risks-part-iii.html
To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities:

1. Injection
2. Broken Authentication
3. Sensitive data exposure
4. XML External Entities (XXE)
5. Broken Access control
6. Security misconfigurations
7. Cross Site Scripting (XSS)
8. Insecure Deserialization
9. Using Components with known vulnerabilities
10. Insufficient logging and monitoring

In our previous posts, we explained the first four items on the OWASP Top 10 list. Continue reading OWASP Top 10 Security Risks – Part III at Sucuri Blog.