Yesterday, WooCommerce released an urgent announcement encouraging users to update because of a serious vulnerability. They don’t get into the details, but for us it’s imperative to understand what they are patching so that we can virtually patch at the edge via the NOC Web Application Firewall (WAF). Especially when it comes to a platform like […]
The Affects of a CDN on your Websites Performance and Users Experience (and Google)
One of the most common questions we get related to our CDN is about performance. How much faster does it really make a website? Is it worth the trouble to enable a CDN for my site? Does performance have a material impact? Is it worth the cost benefit analysis? Let’s explore those questions. In this […]
Introducing DNSRepo
For over a decade Daniel and I have been building very big networks. These networks have amassed massive amounts of usage data and for years it was what we used to get smarter about how we identified and mitigated attacks. When asked, what made us different, it was always about two things: Today, things are […]
Securing WordPress in The Enterprise
Approaching a web applications security is as much about mindset as it is about the tools and configurations you deploy. It’s why security professional always talk about people > process > technology. Unfortunately, in almost every incident response instance the former components, of people and process, are often nonexistent. I blame a lot of this […]
Log4Shell – Lessons Learned in 30 Days
On Decemberr 9th, 2021 the web was turned on its head with the disclosure of a high severity vulnerability coined #log4shell. At the time we wrote an article on how this new vulnerability shines the light on the effectiveness of Web Application Firewalls (WAF) as a defensive control but we didn’t dive deep into the […]
Responding to Website Security Incidents – Incident Response Plan Basics
If there is one thing that we have learned from vulnerabilities like Log4Shell, Heartbleed, Apache Struts Framework, Shellshock, and so many others is that when it comes to the components that power the web, the fabric of the internet, we are not prepared. That acknowledgement is critical in helping us psychologically acknowledge that security itself […]
NMAP – A Free Network Mapping Tool
The Network Mapper (NMAP) is an open-source, free, security scanner that is widely popular, and favorited, amongst security and network analysts. Commercial organizations have tried to emulate it’s effectiveness, but have often failed, usually resorting to integrating it into their platform as an added “feature”. At its core, however, is an extremely powerful tool that […]