WooCommerce Patches Two SQLi Vulnerabilities

Yesterday, WooCommerce released an urgent announcement encouraging users to update because of a serious vulnerability. They don't go into the details, but for us it's imperative to understand what they are patching so that we can virtually patch it at the edge via the NOC Web Application Firewall (WAF). Especially when it comes to a…

Evolving the CDN / WAF Stack

A decade ago we built our first CDN/WAF solution. It was born from a need to keep websites from getting reinfected. At the time, our company was focused on identifying and remediating hacked websites. What we learned in the process is that it really doesn't matter what you tell a website owner, they will…

Securing WordPress in The Enterprise

Approaching a web application's security is as much about mindset as it is about the tools and configurations you deploy. It's why security professionals always talk about people > process > technology. Unfortunately, in almost every incident response engagement the first two components, people and process, are nonexistent. I blame a lot of…

Optimized Origin with the NOC CDN

A core component of setting up a Content Delivery Network (CDN) is defining the origin of the site. The origin is traditionally the IP address of the server that houses the site content; it's where the CDN pulls content from. A few CDNs even allow you to specify multiple origins, empowering admins to…

WordPress Forced Updates vs Auto-Updates and Abusing User Defined Intent

On June 1st, Automattic's JetPack plugin released an update to patch an exploitable vulnerability. The vulnerability was found in their Carousel feature. The release invites plugin users to update their version. It warns that, while the vulnerability is not known to be actively exploited, it could be now that the patch has been released. One thing it fails to…

Arbitrary File Vulnerabilities And Why They Matter to Your Website

Our last article explored the attack trends we were seeing against WordPress, and something became very evident: Arbitrary File Vulnerabilities ranked #1 among the vulnerabilities being scanned for. Although the scope of our tests was limited, the data does a lot to help defenders better understand the tactics, techniques and procedures (TTPs) being employed by bad actors.…

The Domain Name System (DNS)

In our previous article, we explored the relationships between Registrars, Registries and DNS. In this article, we will dive deeper into the world of DNS.

The art of Routing Web Requests (Hello DNS)

DNS stands for Domain Name System; you might hear it used interchangeably with Domain Name Server (also abbreviated DNS). It is the mechanism…