Approaching a web application’s security is as much about mindset as it is about the tools and configurations you deploy. It’s why security professionals always talk about people > process > technology. Unfortunately, in almost every incident response instance the former components, of people and process, are often nonexistent. I blame a lot of this […]
Log4Shell – Lessons Learned in 30 Days
On December 9th, 2021 the web was turned on its head with the disclosure of a high severity vulnerability coined #log4shell. At the time we wrote an article on how this new vulnerability shines the light on the effectiveness of Web Application Firewalls (WAF) as a defensive control but we didn’t dive deep into the […]
Responding to Website Security Incidents – Incident Response Plan Basics
If there is one thing that we have learned from vulnerabilities like Log4Shell, Heartbleed, Apache Struts Framework, Shellshock, and so many others, it is that when it comes to the components that power the web, the fabric of the internet, we are not prepared. That acknowledgement is critical in helping us psychologically acknowledge that security itself […]
NMAP – A Free Network Mapping Tool
The Network Mapper (NMAP) is an open-source, free, security scanner that is widely popular, and favorited, amongst security and network analysts. Commercial organizations have tried to emulate its effectiveness, but have often failed, usually resorting to integrating it into their platform as an added “feature”. At its core, however, it is an extremely powerful tool that […]
Introducing Support for WebSockets
The NOC platform offers its customers a global CDN / WAF. This technology runs on an anycast network that has points of presence around the world. While anyone with a domain can use the platform, Agencies and Hosts get the most bang for their buck on our platform. We’re excited to announce support for WebSocket […]
Using cURL to Test the NOC CDN Performance against Fastly, Sucuri and CloudFlare
In our previous article, we shared details on how cURL can be used to test the performance of a website, and how it can be used to troubleshoot performance issues. Building on that, we used the same technique to measure the performance of the NOC CDN. We created test servers across multiple datacenters to get the performance […]
WordPress Security: Active Attacks Against BackupBuddy Plugin Vulnerability
On September 6th, 2022, iThemes released a security advisory on their BackupBuddy plugin. As a global network, we’re able to actively monitor attacks in the wild as they hit our network. This article shares what we’re seeing. The BackupBuddy Plugin Vulnerability The iThemes article doesn’t go into detail about the vulnerability, but describes the vulnerability as […]