In our last post in this series, we took a look at a code snippet that had been encoded in a very specific way — and hidden 91 layers deep. Today, we’ll reveal how attackers achieve this level of encoding…
Migrating your website to HTTPS may seem like a simple task. Get the TLS/SSL certificate, install it on your web server, and you’re done. The real pain for large projects, however, is changing http:// resources to https://. These resources include images,…
A web application firewall (WAF) is a great way to detect and filter incoming malicious requests before they can exploit website vulnerabilities and security flaws. While a WAF helps protect against threats over HTTP/HTTPS, the website can still be hacked…
It’s no secret that a CMS without support will develop vulnerabilities. Eventually, these lead to a compromised website — which cripples any ecommerce business. When you consider the popularity of the Magento ecommerce platform, it’s easy to see how their…
The United States National Institute of Standards and Technology (NIST) has created a framework for improving critical infrastructure cybersecurity, referred to as the NIST Cybersecurity Framework. The main objective of this framework is to offer organizations a list of items…
When California passed an online privacy law that will take effect on Jan. 1, 2020, it made me think about a user’s responsibility when it comes to how we engage online. As online privacy starts to become a larger discussion,…
Website hardening means adding layers of protection to reduce the risk of website attacks, a process known as “defense in depth.” Here are our top 10 virtual hardening principles: 1 – Keep your website updated Every single piece of software…
There’s an issue with how some people define the word “hacker.” For some, it’s a word synonymous with “cybercriminal,” but not in the infosec community. White hat hackers (the good guys) are the ones who find security issues so they…