Category Archives: Security Advisory

Security Monitoring Saves the Day

For the second week of National Cyber Security Awareness Month, we would like to focus on a very important part of having a good website security posture: monitoring.

How can security monitoring save your day?

Most people only care about their website security after something bad has already happened. However, how can you tell when something is attempting to harm your website? Sometimes it is a very noticeable issue, such as:

  • website defacement – when the home page of the website is wiped out and something else appears in front of the visitor’s eyes;
  • unresponsive website – when the website pages respond too slowly or stop loading at all;
  • SEO spam – when the website listing in search engines shows unrelated spam keywords, often pharma keywords; or
  • a website blacklist warning – when a red warning page shows all your visitors that the website they are about to go to is not secure.

Continue reading Security Monitoring Saves the Day at Sucuri Blog.

OWASP Top 10 Security Risks – Part I

It is National Cyber Security Awareness Month, and in order to bring awareness to what threatens the integrity of websites, we would like to start a series of posts on the OWASP Top 10 security risks.

OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and technologies in the field of web application security.

The OWASP Top 10 is the list of the 10 most commonly seen application vulnerabilities.

Continue reading OWASP Top 10 Security Risks – Part I at Sucuri Blog.

October Cybersecurity Month

Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance of cybersecurity and being a better digital citizen.

October has just started and a majority of security companies are promoting internet security. With the holidays fast approaching, it is a crucial time for website owners, especially ones with an e-commerce website, to be cyber secure.

The end of the year is also the season when hackers try to profit the most.

Continue reading October Cybersecurity Month at Sucuri Blog.

PCI for SMB: Requirement 7 & 8 – Implement Strong Access Control Measures

This is the fifth post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We are halfway there! In the previous articles about PCI, we covered the following:

  • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.
  • Requirement 2: Build and Maintain a Secure Network – Do not use vendor-supplied defaults for system passwords or other security parameters.

Continue reading PCI for SMB: Requirement 7 & 8 – Implement Strong Access Control Measures at Sucuri Blog.

SSL vs. Website Security

Having a website today is way easier than it was 10 or 15 years ago. Tools like content management systems (CMS), website builders, static site generators and the like remove a lot of the friction around building and maintaining sites. But is there a price for such convenience?

I would dare to say that one of the downsides to bringing such facilities to the masses is the creation of misconceptions. The biggest misconception is about what makes a website secure versus not secure.

Continue reading SSL vs. Website Security at Sucuri Blog.

E-Commerce Security – Planning for Disasters

This is the last post in our series on E-commerce Security:

  • Intro to Securing an Online Store – Part 1
  • Intro to Securing an Online Store – Part 2

Today, let’s expand on some of the suggestions made during a webinar I hosted recently about steps you can take to secure your online store.

So far in this series, we have touched on how to identify potential risks and how to defend against threats via WAF technologies.

Continue reading E-Commerce Security – Planning for Disasters at Sucuri Blog.

PCI for SMB: Requirement 5 & 6 – Maintain a Vulnerability Management Program

This is the fourth post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We want to show how PCI DSS can help anyone going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires). In the previous articles we have written about PCI, we covered the following:

  • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.

Continue reading PCI for SMB: Requirement 5 & 6 – Maintain a Vulnerability Management Program at Sucuri Blog.

How to Improve Your Website Security Posture – Part II

In the first post of this series, we discussed some of the main website security threats. Knowing the website security environment is a vital part of a good website posture. However, it is also important to be aware of what to do to strengthen your website.

Today, we are going to give you some practical tips on how to improve your website posture.

We highly recommend that website owners use the principle of least privilege. It is a computer science principle that can be applied at every level of a system, and its benefits strengthen your website security posture.

Continue reading How to Improve Your Website Security Posture – Part II at Sucuri Blog.

How to Improve Your Website Security Posture – Part I

Have you ever wondered if your website security posture is adequate?

The risk of having a website compromise is never going to be zero. However, as a webmaster, you can play an important role in minimizing the chances of a website hack. A good security posture entails understanding the importance of securing a website and knowing how to implement security measures.

Correcting a poor security posture means recognizing problems that you might not notice.

Continue reading How to Improve Your Website Security Posture – Part I at Sucuri Blog.