BLOG

Finding Security Vulnerabilities In Web App Dependencies

Could you vouch for the security of every dependency included in the web applications hosted on your servers? Almost certainly not. Modern web applications are the peak of a mountain composed of perhaps hundreds of software packages. It’s beyond the ability of developers to check every line of every package for potential security vulnerabilities. I don’t want to single out any ecosystem for criticism, but this is a particular problem in the JavaScript world, where it’s normal to pull in a vast number of external packages from NPM.

How To Disable Root Logins On Your CentOS Server

A Linux server’s root user has superpowers. A user logged in to the root account can delete any file, including the operating system itself. They can view any data stored on the server. They can install and remove software. In fact, they have complete control over every aspect of the server.

Credential Stuffing Bonanza Hits File Sharing Sites

A massive collection of authentic email addresses and passwords was discovered on a file sharing service earlier this month. By massive, I mean truly enormous, dwarfing run-of-the-mill data dumps with “only” hundreds of millions of records. The Collection #1 data set, given that name by Troy Hunt, includes 2,692,818,238 records. That’s one record for every third person living on Earth. Amongst those records are 1.1 billion unique email/password combinations, almost 800 million unique email addresses, and 21 million unique passwords. My email address is in there, and yours probably is too.

Cybersecurity in 2019: Two Attacks Server Admins Should Prepare For

The cybersecurity landscape evolves. New technologies breed new attacks. Motivated criminals seek out novel vectors and vulnerabilities. Changes in consumer behavior open lucrative new avenues of attack. As server administrators fight back, attackers double down or focus on neglected weaknesses. Server administrators should invest their limited time where it will have the most impact. They must understand today’s threat landscape to effectively fight back.

What Is ModSecurity and Why Should Server Hosting Clients Use It?

ModSecurity is a web application firewall (WAF) that can protect sites and applications against many common attacks, including cross-site scripting and code injection attacks. ModSecurity is a handy tool to have in your arsenal if your server runs dynamic content management systems like WordPress or eCommerce applications like Magento. But doesn’t your server already have a firewall? Yes, it’s built into the kernel, but WAFs like ModSecurity play a complementary role.