❌

Reading view

How to Protect Your Site From Content Sniffing with HTTP Security Headers

How to Protect Your Site From Content Sniffing with HTTP Security Headers

Ever had a perfectly β€œsafe” page or file turn into an attack vector out of nowhere? That can happen when browsers start guessing what your content is instead of listening to your server. Browsers sometimes try to figure out what kind of file they’re dealing with if the server doesn’t provide the Content-Type header or provides the wrong one, a process known as β€œcontent sniffing.” While this can be helpful, content sniffing is a security risk if an attacker can mess with the content.

Continue reading How to Protect Your Site From Content Sniffing with HTTP Security Headers at Sucuri Blog.

  •  

How to Protect Your WordPress Site From a Phishing Attack

How to Protect Your WordPress Site From a Phishing Attack

If you run a website, manage a business inbox, or even just use online banking, you’ve already lived in the phishing era for a long time. The only thing that’s changed is the polish.

Phishing scams have moved past those obviously fake β€œplease verify” requests to include convincing login pages, realistic invoices, and even bogus delivery updates. Some are mass-sent and easy to spot, others are customized precisely for the person they’re targeting, their job, company, tech, and everyday apps.

Continue reading How to Protect Your WordPress Site From a Phishing Attack at Sucuri Blog.

  •  

A Beginner’s Guide to the CVE Database

A Beginner’s Guide to the CVE Database

Keeping websites and applications secure starts with knowing which vulnerabilities exist, how severe they are, and whether they affect your stack. That’s exactly where the CVE program shines. Below, we’ll cover some CVE fundamentals, including what they are, how to search and understand the data, and how to translate this information into actionable steps.

Introduction to the CVE database
So, what is CVE?

CVE stands for Common Vulnerabilities and Exposures, a community-driven program that assigns unique identifiers to publicly known vulnerabilities.

Continue reading A Beginner’s Guide to the CVE Database at Sucuri Blog.

  •  

How to Fix the ERR_TOO_MANY_REDIRECTS Error

How to Fix the ERR_TOO_MANY_REDIRECTS Error

Encountering the ERR_TOO_MANY_REDIRECTS error (also called a redirect loop error) can be frustrating, especially when your website was working fine just moments ago. This issue is common across browsers such as Chrome, Firefox, and Edge and it typically means your site has entered a redirection loop.

In this post, you’ll learn what the error means, why it occurs, ways to identify where the redirect is coming from, and how to fix it effectively – including an important section on redirect types, which often play a direct role in causing this issue.

Continue reading How to Fix the ERR_TOO_MANY_REDIRECTS Error at Sucuri Blog.

  •  

How to Choose WordPress Caching Options

How to Choose WordPress Caching Options

If you want a faster WordPress site, caching belongs at the center of your performance plan. It reduces the work your server has to do and turns slow, dynamic page builds into quick, static responses. On many unoptimized sites, that shift alone can reduce several seconds off page loads when paired with other best practices. The trick isn’t whether to cache but how to pick the right caching approach for your site’s content, traffic, and infrastructure.

Continue reading How to Choose WordPress Caching Options at Sucuri Blog.

  •  

Webcast: Group Policies That Kill Kill Chains

On this webcast, we’ll guide you through an iterative process of building and deploying effective and practical Group Policy Objects (GPOs) that increase security posture. Slides for this webcast can […]

The post Webcast: Group Policies That Kill Kill Chains appeared first on Black Hills Information Security, Inc..

  •  

PODCAST: Active Directory Best Practices that Frustrate Pentesters

// Jordan Drysdale and Kent Ickler talk about Best Practices for setting up Active Directory. Bre joins as fake Sierra to host and ask questions from the audience since real […]

The post PODCAST: Active Directory Best Practices that Frustrate Pentesters appeared first on Black Hills Information Security, Inc..

πŸ’Ύ

  •  
  •  

Scout2 Usage: AWS Infrastructure Security Best Practices

Jordan Drysdale// Full disclosure and tl;dr: The NCC Group has developed an amazing toolkit for analyzing your AWS infrastructure against Amazon’s best practices guidelines. Start here: https://github.com/nccgroup/Scout2 Then, access your […]

The post Scout2 Usage: AWS Infrastructure Security Best Practices appeared first on Black Hills Information Security, Inc..

  •  
  •  

How To Disable LLMNR & Why You Want To

Kent Ickler // Link-Local Multicast Name Resolution (LLMNR) This one is a biggie, and you’ve probably heard Jordan, John, me, and all the others say it many many times. LLMNR […]

The post How To Disable LLMNR & Why You Want To appeared first on Black Hills Information Security, Inc..

  •  

How to Configure SPFv1: Explained for the Masses

Kent Ickler and Derrick Rauch* // Sun Protection Factor Err… wait a second. Sender Policy Framework Ladies and Gentlemen of the class of 1997, Wear Sunscreen…I will dispense my advice, […]

The post How to Configure SPFv1: Explained for the Masses appeared first on Black Hills Information Security, Inc..

  •  

WEBCAST: Stop Sucking at Wireless

Jordan Drysdale & Kent Ickler// Jordan and Kent are back with more blue team madness! The shameless duo continue their efforts to wrangle decades old attacks against wireless networks. The […]

The post WEBCAST: Stop Sucking at Wireless appeared first on Black Hills Information Security, Inc..

  •  
❌