Archive by Author

OWASP Top 10 Security Risks – Part IV

To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection; Broken Authentication; Sensitive data exposure; XML External Entities (XXE); Broken Access control; Security misconfigurations; Cross-Site Scripting (XSS); Insecure More Info »

Sucuri Named December 2018 Gartner Customers’ Choice for Web Application Firewalls

The Sucuri team is excited to announce that we have been recognized as a December 2018 Gartner Peer Insights Customers’ Choice for the Sucuri Firewall. Our team takes great pride in this distinction, as customer feedback continues to shape our products and services. In its announcement, Gartner explains, “The Gartner Peer Insights Customers’ Choice is More Info »

Clever SEO Spam Injection

It’s very common for us here at Sucuri to face SEO injections on almost any type of CMS-based site. Today, I’ll be presenting how one particularly ingenious malware manages to hide so well inside a WordPress website. The Traditional Approach: There are two common approaches attackers use to inject SEO spam on websites: Injecting HTML More Info »

Naughty or Nice Websites

Santa Claus is coming! Was your website naughty or nice this year? Here is a quick checklist of the top 10 bad things that can harm your website security and the top 10 good things that can improve your website security. Naughty Websites List: If your website falls into any of these categories, this is More Info »

OWASP Top 10 Security Risks – Part III

To bring awareness to what threatens the integrity of websites, we are continuing a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection; Broken Authentication; Sensitive data exposure; XML External Entities (XXE); Broken Access control; Security misconfigurations; Cross-Site Scripting More Info »

Localization and Customization of Credit Card Stealing Malware

Credit card stealing malware is becoming more and more customized. We’ve been regularly seeing injected scripts with URLs that either mimic or include a portion of the victim’s site domain. Sometimes the injected code also references the victim’s site. Recently, we’ve come across another level of customization. Fake Payment Form in Bulgarian: A compromised Magento More Info »