In March, Drupal released version 8.5.1 addressing several critical security vulnerabilities. At that time, there was no evidence of the vulnerability being exploited to attack Drupal sites. However, on April 12, 2018, a security research firm released a detailed analysis of the vulnerability and steps to exploit it. In the days since this release, multiple exploits of the Drupalgeddon2 vulnerability have been reported.
Tag: web application security
Over one billion websites exist today. With an excess of websites to choose from, we hear many people ask, why did my site get hacked? How did it get hacked? What damage has been done? While there are various reasons and ways a cybercriminal could have hacked your site, there is a very good chance (80% to be exact) they were after your web applications. Web applications account for 80% of website vulnerabilities, making them a very attractive target to cybercriminals.
Expect Increased Volumes
This year, 80% of consumers plan to spend as much or more than they did in 2014, according to an analysis of available research by PFSWeb. Just on Cyber Monday alone, total sales made from consumers’ desktops reached $2.28 billion, up 12% from 2014. Mobile sales on Cyber Monday grew 53% from last year, with total sales reaching $838 million.
Every year about this time, Verizon comes out with an annual review of the results of its investigations into thousands of data breaches and security incidents from around the world.
The report can be very data heavy and even a little depressing, but we can learn great things from it. Here are just ten:
What is TrueShield?
TrueShield is SiteLock’s WAF (web application firewall). It operates like your very own team of secret service agents, standing guard at every possible entry point on your website, 24/7. The TrueShield web application firewall inspects every visitor who tries to enter your site, denying access to the bad guys and bad bots, and welcoming the rest. You may imagine this would cause a traffic jam and slow down flow to your website – but it is actually just the opposite. The TrueShield WAF includes TrueSpeed, a content delivery network (CDN) which moves your website into the fast lane, loading your pages faster and improving your visitors’ experience – even boosting your SEO. It’s pretty remarkable stuff.
Who can use TrueShield?
Anyone who has a website. The TrueShield web application firewall is cloud-based, which means that it doesn’t require a complicated installation – in fact setup takes just a few minutes. It also means that TrueShield is affordable for even the smallest businesses and budgets. A typical small to mid-sized business does not have the in-house technical staff, nor the time, to deal with the complexities of protecting their site from every potential attacker. A web application firewall, like TrueShield, is the easiest way for a small business to get enterprise-grade protection without needing enterprise-level resources.
To get more information about TrueShield or to learn about other great products to protect your website visit www.sitelock.com today.
The Open Web Application Security Project (OWASP) was formed with the goal of supporting the creation, development, acquisition, operation and maintenance of applications that can be trusted by their users.
As more applications are developed online, the threats to those applications increase even more rapidly, in the form of threat agents. The agents, in this case, are not often the good guys (even though sometimes they are employees or others within your organization). They are any capability, intention or activity that attempts to exploit the company’s assets, frequently its data.
In a report published at the end of 2012 on the growing hacking threat to websites, research firm Frost and Sullivan found that of all cyber security vulnerabilities, more than 98% were discovered by third-party researchers, while less than 2% were discovered by the people who made the applications that contained the vulnerabilities.
According to Frost and Sullivan, more than 80% of websites have at least one known vulnerability. If that vulnerability is known to security researchers, you can bet it’s also known to hackers who use automated tools to sniff out unpatched vulnerabilities, millions of websites at a time.
And as it turns out, four of the top five of all known vulnerabilities have something to do with websites – Adobe Shockwave Player, Adobe Acrobat, Apple QuickTime, and Microsoft Internet Explorer.
The report also found that the most common attacks on websites include: