Tips to harden your Nginx configuration; part 2

This is the second part in the series on Nginx server security. This article follows on from Part 1 with more tips on hardening your Nginx configuration. 5. Make use of ModSecurity: ModSecurity is an open-source module that works as a web application firewall. Different functionalities include filtering, server identity masking, and null byte attack prevention. Real-time […]

Are you prepared for PCI v3.0?

At the end of December 2014 the new set of Payment Card Industry Data Security Standards (PCI DSS) will come largely into force, with just a few small elements having the later deadline of July 2015 to allow businesses time to adapt. If your company or organisation processes card transactions, either directly or through a […]

8 tips to secure your IIS installation

You have just finished installing IIS on your Windows OS. You’re probably thinking that you can delve into the web development world and forget all about the underlying web server. After all, IIS is a Microsoft product so it should install with the right default configuration settings, right? That is far from true with IIS. […]

Analysing the latest trends in web application attacks

A recent study by a leading web application security vendor has highlighted some interesting statistics about web application attacks. Some of the findings examined below should enable web security practitioners to better anticipate, identify and act against cyber threats. Threat Growth: One of the unsurprising news items is that web application attacks have increased in […]

Critical Drupal SQL Injection vulnerability

Drupal has released a HIGHLY CRITICAL security advisory for its latest version of the popular content management system, urgently advising users to update to Drupal 7.32 or install a patch to fix the vulnerability. The vulnerability, reported by Stefan Horst from SektionEins GmbH, allows for unauthenticated users to gain full control of the database, and to […]

Recommendations for TLS/SSL Cipher Hardening

Transport Layer Security (TLS) and its predecessor, Secure Socket Layer (SSL), are widely used protocols designed to secure the transfer of data between the client and the server through authentication, encryption and integrity. Contrary to common assumptions, TLS/SSL is not only a widely used technology in websites and web applications (using the HTTP protocol), […]
