Archive | Security

RSS feed for this section

The Principle of Least Privilege

If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle which has applications and benefits to strengthen your website security posture. This principle is about: Using the minimal set of privileges on a system in order to perform an action. Granting More Info »

Sucuri Monitoring Dashboard Update

We are happy to share some big changes to the monitoring dashboard. The Sucuri Platform features a monitoring dashboard that provides information regarding the security of your website. If you’re not familiar with the monitoring piece of our platform, it’s a cloud-based Intrusion Detection System (IDS) built on the concept of a Network-Based Integrity Monitoring More Info »

Introducing SSL for SaaS

If you’re running a SaaS company, you know how important it is that your application is performant, highly available, and hardened against attack. Your customers—and your revenue stream—depend on it. Putting your app behind a solution such as Cloudflare is an obvious move for your own infrastructure, but how do you securely (and easily) extend More Info »

Labs Notes Monthly Recap – Mar/2017

Every month we recap the latest posts on Sucuri Labs, written by our Malware Research Team (MRT) and Incident Response Team (IRT). Sucuri Labs provides website malware research updates directly from our teams on the front line. You can read past-monthly recaps to catch up on trends we look at every month. The theme for More Info »

Understanding Our Cache and the Web Cache Deception Attack

About a month ago, security researcher Omer Gil published the details of an attack that he calls the Web Cache Deception attack. It works against sites that sit behind a reverse proxy (like Cloudflare) and are misconfigured in a particular way. Unfortunately, the definition of “misconfigured” for the purposes of this attack changes depending on More Info »

Ecommerce Security – Customer Data Breaches Using Images

Since late last year, there has been a steady rise in malware campaigns that aim to steal sensitive personal information and financial credentials. Attackers often insert pieces of malicious code in the middle of a shopping cart process, allowing them to leak credit card numbers, billing addresses,  and identification numbers. The main objective is one More Info »