NAXSI is an open-source WAF for Nginx (Web Application Firewall) which by default can block 99% of known patterns involved in website vulnerabilities. NAXSI means Nginx Anti XSS & SQL Injection Technically, it is a third party Nginx module, available as a package for many UNIX-like platforms. This module, by default, reads a small subset […]
Countermeasures
Defence In Depth For Web Applications
Defence in depth for web applications is something that not many companies apply even though the model itself is nothing new. Defence in depth refers to applying security controls across multiple layers, typically Data, Application, Host, Internal Network, Perimeter, Physical + Policies/Procedures/Awareness. Defence in depth is a principle of adding security in layers in order […]
13 WordPress Security Tips From Acunetix
WordPress has a pretty poor reputation when it comes to security, so here are some WordPress security tips from Acunetix. The WordPress security perception is mostly unfounded sadly, as core WordPress is pretty secure – as long as it’s updated. The same goes for plug-ins and themes, if poorly maintained they are an easy ingress […]
Gophish – Open-Source Phishing Framework
Gophish is a phishing framework that makes the simulation of real-world phishing attacks very straight forwards. The idea behind gophish is simple – make industry-grade phishing training available to everyone. There are various other similar tools available such as Simple Phishing Toolkit and sptoolkit Rebirth. I wonder if this is the beginning of an emergence […]
WAF-FLE – Graphical ModSecurity Console Dashboard
WAF-FLE (Web Application Firewall: Fast Log and Event Console) is a OpenSource ModSecurity Console – which allows the modsecurity admin to store, view and search events sent by sensors. It uses a graphical dashboard to drill-down and find quickly the most relevant events. It is designed to be fast and flexible, while keeping a powerful […]