Ask Sucuri

A Scam-Free Cyber Monday for Online Businesses

Every year we see an increase in website attacks during the holidays.  While business owners see their sales go up due to promotional Black Friday and Cyber Monday campaigns, hackers are in the background working nonstop to create malicious, fraudulent websites as well as take advantage of legitimate ones. Main Cyber Monday Threats Phishing Pages One

[ Read More ]

PCI for SMB: Requirement 9 – Implement Strong Access Control Measures

Welcome to the sixth post of a series on understanding the Payment Card Industry Data Security Standard–PCI DSS. We want to show how PCI DSS affects anyone going through the compliance process using the PCI SAQ’s (Self Assessment Questionnaires). In the previous articles written about PCI, we covered the following: Requirement 1: Build and Maintain

[ Read More ]

Real-Time Fine-Tuning of the WAF via API

Though the Sucuri Firewall is simple to set up and protects your website immediately, it’s possible to have granular control of the WAF by using an API. For instance, there’s a specific filter inside the WAF dashboard called Emergency DDoS. This filter basically increases the strength of the DDoS protection to an “emergency” level where

[ Read More ]

Website Security Tips for Marketers

In our previous post, we have discussed why marketers should have a proactive approach to website security. Today we are going to discuss some security tips marketers can put into practice. In the simplest terms, website security means three things here at Sucuri: Protecting your website from compromises. Monitoring for issues so you can react

[ Read More ]

OWASP Top 10 Security Risks – Part II

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we have started a series of posts on the OWASP top 10 security risks. The OWASP Top 10 list consists of the 10 most seen application vulnerabilities: Injection Broken Authentication Sensitive data exposure XML External

[ Read More ]

Creating a Response Plan You Can Trust

As a website owner, you may have experienced your website being down for any number of reasons. Maybe due to errors in code, server related difficulties or even being under attack from bad actors. I once shared my own experience of a hacked website in a webinar. Whether you have one site or hundreds, when

[ Read More ]

Security Monitoring Saves the Day

For the second week of  National Cyber Security Awareness Month, we would like to focus on a very important part in having a good website security posture: monitoring. How can security monitoring save your day? Most people only care about their website security after something bad has already happened. However, how can you tell when

[ Read More ]

OWASP Top 10 Security Risks – Part I

It is National Cyber Security Awareness Month and in order to bring awareness to what threatens the integrity of websites, we would like to start a series of post on the OWASP top 10 security risks. OWASP stands for the Open Web Application Security Project, an online community that produces articles, methodologies, documentation, tools, and

[ Read More ]

October Cybersecurity Month

Since 2003, October has been recognized as National Cybersecurity Awareness Month. It is an annual campaign to raise awareness about the importance of cybersecurity and being a better digital citizen. October has just started and a majority of security companies are promoting internet security. With the holidays fast approaching, it is a crucial time for

[ Read More ]

PCI for SMB: Requirement 7 & 8 – Implement Strong Access Control Measures

This is the fifth post in a series of articles on understanding the Payment Card Industry Data Security Standard – PCI DSS. We are halfway there! In the previous articles about PCI, we covered the following: Requirement 1: Build and Maintain a Secure Network – Install and maintain a firewall configuration to protect cardholder data.

[ Read More ]