Introducing webClinic Pro's Web Application Firewall (WAF)

The website security landscape is constantly evolving to handle new security threats. With many available solutions, we put forth a great deal of effort to find the right solutions for our Prevention service. Previously we utilized a third party system for a portion of that service that provided a simple but essential Web Application Firewall (WAF) at a reasonable price. Recently, industry-leading WAF providers began increasing their fees to aim their services at larger companies and avoid the small business market. Rather than follow suit and increase our prices, we decided to build a custom solution with a small business budget in mind. A Firewall is necessary for websites in today's security climate and should be reasonably available and affordable for everyone.

New Malware Injection Method: PDF Upload Fields

Recently we discovered a new threat affecting our Drupal website clients, specifically those with web forms (also known as the webform module) that contain a file upload field. It is not uncommon for a site to collect a file such as an image or PDF via their website to better communicate with their visitors. Because this is a standard feature and often open to the public, it has become a target for malware.

Is your website encrypted? It should be.

It’s our firm belief that every website should implement encryption. Website encryption has become a hot topic lately, with most people identifying website encryption as the green lock at the top of the browser. Website encryption focuses on the information that passes back and forth between the website visitor and server. A visitor makes a request for a webpage, the server processes it and sends back a response. Most of this information isn’t interesting to hackers, but using encryption makes it more difficult for them to use any of this information for investigation.

Serious About Security

In a 2014 blog posting Google announced that they were getting serious about security.

“Security is a top priority for Google. We invest a lot in making sure that our services use industry-leading security, like strong HTTPS encryption by default… We want to go even further. At Google I/O a few months ago, we called for “HTTPS everywhere” on the web.”


Rising Encryption Standards - Upgrading SHA-1

Encryption algorithms are used to make websites secure.  In order to secure a website it requires an SSL certificate that uses encryption algorithms to keep the data safe in transit.  SHA-1 is a common encryption algorithm that is commonly used, but is now vulnerable as a result of decreasing hardware costs and increasing processing power.  If a someone had the money, they could buy processing power and break the encryption.

Protect Your Online Shopping

The holiday season is quickly approaching, and with it an exponential growth in online versus brick and mortar shopping. In the past few years online sales have grown so much that Black Friday is now coupled with the increasingly famous Cyber Monday. With this frequency of online sales comes a larger target for fraud and identity theft so now is a good time to start taking your online security more seriously. Here is a few simple tips to help your browse and shop safely this coming season.

Subscribe to RSS - blogs