Category Archives: Security Advisory

Naughty or Nice Websites

Santa Claus is coming! Was your website naughty or nice this year?

Here is a quick checklist of the top 10 bad things that can harm your website security and the top 10 good things that can improve your website security.

Naughty Websites List

If your website falls into any of these categories, this is the perfect time of year to start thinking about improving your security posture.

1 – My website has outdated software.

Continue reading Naughty or Nice Websites at Sucuri Blog.

OWASP Top 10 Security Risks – Part III

To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks.

The OWASP Top 10 list consists of the 10 most commonly seen application vulnerabilities:

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfigurations
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging and Monitoring

In our previous posts, we explained the first four items on the OWASP Top 10 list.

Continue reading OWASP Top 10 Security Risks – Part III at Sucuri Blog.

Navigating Data Responsibility

As we take a step back and think about how much the Internet has grown over the past 20 years, we realize how much content/data has been made available to everyone.

Moving forward, there’s no reason to expect data availability to slow down. In fact, insideBIGDATA claims:

There are many sources that predict exponential data growth toward 2020 and beyond. Yet they are all in broad agreement that the size of the digital universe will double every two years at least, a 50-fold growth from 2010 to 2020.

Continue reading Navigating Data Responsibility at Sucuri Blog.

A Scam-Free Cyber Monday for Online Businesses

Every year we see an increase in website attacks during the holidays. 

While business owners see their sales go up due to promotional Black Friday and Cyber Monday campaigns, hackers are in the background working nonstop to create malicious, fraudulent websites as well as take advantage of legitimate ones.

Main Cyber Monday Threats

Phishing Pages

One of the major risks to consumers is phishing campaigns.

Carefully crafted phishing login pages convince users they are logging into a valid service.

Continue reading A Scam-Free Cyber Monday for Online Businesses at Sucuri Blog.

PCI for SMB: Requirement 9 – Implement Strong Access Control Measures

Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard (PCI DSS). We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQs (Self-Assessment Questionnaires).

In the previous articles written about PCI, we covered the following:

  • Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.
  • Requirement 2: Build and Maintain a Secure Network – Do not use vendor-supplied defaults for system passwords or other security parameters.

Continue reading PCI for SMB: Requirement 9 – Implement Strong Access Control Measures at Sucuri Blog.

10 Tips to Improve Your Website Security

Having a website has become easier than ever due to the proliferation of great tools and services in the web development space. Content management systems (CMS) like WordPress, Joomla!, Drupal, Magento, and others allow business owners to build an online presence rapidly. The CMS’s highly extensible architectures, rich plugins, and effective modules have reduced the need to spend years learning web development before starting to build a website.

The ease of launching an online business or personal website is great.

Continue reading 10 Tips to Improve Your Website Security at Sucuri Blog.

Website Security Tips for Marketers

In our previous post, we discussed why marketers should take a proactive approach to website security. Today we are going to discuss some security tips marketers can put into practice. In the simplest terms, website security means three things here at Sucuri:

  • Protecting your website from compromises.
  • Monitoring for issues so you can react quickly.
  • Having a documented emergency response plan.

Marketers should champion these initiatives so they can be prioritized by their business development team.

Continue reading Website Security Tips for Marketers at Sucuri Blog.

Web Marketers Should Learn Security

Most online marketers think of themselves as T-shaped individuals. The theory behind this concept is that individuals possess a wide range of skills, with some abilities running deeper than others.

Website security awareness is in short supply and we need more champions — especially among small and medium-sized businesses. Digital marketers are in a prime position to add security know-how to their diverse toolkit.

Source: The T-Shaped Web Marketer by Rand Fishkin

It makes sense for marketers to want to secure their websites.

Continue reading Web Marketers Should Learn Security at Sucuri Blog.

OWASP Top 10 Security Risks – Part II

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks.

The OWASP Top 10 list consists of the 10 most commonly seen application vulnerabilities:

  1. Injection
  2. Broken Authentication
  3. Sensitive Data Exposure
  4. XML External Entities (XXE)
  5. Broken Access Control
  6. Security Misconfigurations
  7. Cross-Site Scripting (XSS)
  8. Insecure Deserialization
  9. Using Components with Known Vulnerabilities
  10. Insufficient Logging and Monitoring

In our previous post, we explained the first two items on the OWASP Top 10 list: injection and broken authentication.

Continue reading OWASP Top 10 Security Risks – Part II at Sucuri Blog.

Creating a Response Plan You Can Trust

As a website owner, you may have experienced your website being down for any number of reasons. This may be due to errors in code, server-related difficulties, or even an attack from bad actors.

I once shared my own experience of a hacked website in a webinar. Whether you have one site or hundreds, when restoring your online presence it is imperative to have a process in place.

If Your Website Gets Hacked, What is Your Plan?

Continue reading Creating a Response Plan You Can Trust at Sucuri Blog.