Honeypotting is an art form and there are many different types of honeypots an organization can create. Regardless of the type of honeypot, they are designed to give bad actors a target within a controlled environment so that we can better understand their tactics and improve our own security. There should never be legitimate users […]
Ecommerce Security: Do Not Host Payment Pages / Forms
We recently consulted on an incident where a bad actor compromised a large ecommerce website. They were able to manipulate elements of the checkout page to hijack the users card information. They targeted an onclick action when the user clicked “continue”. While the platform was not storing the data locally, they had local scripts capturing […]
A Guide to Email Security for Domain Owners
Email is a critical piece of our technical stack as business owners. This is especially true if you’re using your domain for emails (e.g., tony@noc.org vs tony@gmail.com). Ensuring the security of this piece of our tech stack is imperative. Emails have proven an easy vector to abuse, contributing to successful Phishing campaigns, Account Takeovers, Spoofing […]
Bringing A Domain to Life: Choosing Between Closed and Open Web Platforms
Choosing how to bring your domain to life is an important decision. Like with everything, the $10 / year annual subscription for the domain itself is only the beginning. One of the more important, and often overlooked, decision is choosing between Open and Closed platforms. This is a relatively new phenomena, thinking within the last […]
Registries, Registrars and DNS
There are fundamental elements that play a critical role in ensuring the internets functionality and accessibility. Among these, three key components stand out—registries, registrars, and the Domain Name System (DNS). While these terms may sound technical and complex, they form the backbone of our online experiences, shaping the way we navigate the web and access […]
WooCommerce Patches Two SQLi Vulnerabilities
Yesterday, WooCommerce released an urgent announcement encouraging users to update because of a serious vulnerability. They don’t get into the details, but for us it’s imperative to understand what they are patching so that we can virtually patch at the edge via the NOC Web Application Firewall (WAF). Especially when it comes to a platform like […]
The Affects of a CDN on your Websites Performance and Users Experience (and Google)
One of the most common questions we get related to our CDN is about performance. How much faster does it really make a website? Is it worth the trouble to enable a CDN for my site? Does performance have a material impact? Is it worth the cost benefit analysis? Let’s explore those questions. In this […]