Black Friday & Cyber Monday 2017 WordPress Deals

Below is a list of promotional codes and promotions our business partners are running this year for the Black Friday and Cyber Monday weekend. Note: We only endorse and promote products we use ourselves to run our WordPress websites.

WP Security Audit Log Plugin

The WP Security Audit Log is WordPress’ most comprehensive and popular…

The post Black Friday & Cyber Monday 2017 WordPress Deals appeared first on WP White Security.

Black Friday All Year? Secure Websites Generate More Revenue Survey Shows

Nowadays, many businesses understand the crucial importance of having a secure website. To keep their own data and their customers' data safe from hackers, they scan their web applications and web services for vulnerabilities, detecting and fixing them before malicious attackers find them. Many others, unfortunately, are doing little or nothing in terms of website security, mainly because they think that their website is not a target. Others think security vendors are merely scaremongering. So, are we scaremongering or raising awareness? Is it true that insecure websites have a direct impact on the revenue of a business?

We Surveyed Consumers About Website Security

Black Friday, Cyber Monday and the festive season, a period closely associated with food and shopping, are just a few days away. The vast majority of the respondents (84.6%) said that they do some of their shopping online. What's more, 45% of respondents revealed that over 50% of their shopping is done online. That’s a lot of online shopping!

Consumers’ Concerns When Shopping Online

In our survey, we asked respondents whether they had any concerns about the security of the online shops they buy from. Here are...

WP Engine Managed WordPress Hosting Review

I would never have thought that I’d be hosting one of my websites with WP Engine, let alone writing a review about them. But here I am today, with my most important website hosted with them and writing a review about their managed WordPress hosting service. Like all the other reviews on this website, this…

The post WP Engine Managed WordPress Hosting Review appeared first on WP White Security.

Live Demo: Exploiting Apache Struts Vulnerabilities

Our CEO, Ferruh Mavituna, and Security Researcher, Sven Morgenroth, joined Paul Asadoorian in episode #143 of Hack Naked News. During the show, Ferruh discusses what could have led to the infamous Equifax hack and the data breach of hundreds of millions of records of cardholder data. Even though it was thought that a deserialization vulnerability in the REST plugin of Apache Struts was the main cause, an OGNL Expression Injection (CVE-2017-5638) published in March was the root cause of the breach. Our Security Researcher, Sven, therefore gave a live demo of how to find and exploit several OGNL expression vulnerabilities in Struts.

Demo: Identifying and Exploiting OGNL Expression Injection Vulnerabilities

During the demo, Sven also used Netsparker Web Application Security Scanner to highlight how easy it is to automatically find these types of vulnerabilities when you use the correct tools. Watch the full Hack Naked News episode #143. You can also skip directly to Ferruh’s discussion of the Equifax hack, and Sven’s explanation of OGNL Expression Injection vulnerabilities and how to identify and exploit them.

Hesk Developer Uses Netsparker to Automate Web Application Security

“I have a hard time finding any negative aspects to Netsparker Cloud. It is hands down a great tool — all you could wish for from an automated web security scanner. Easy to use and detailed with a low false positive rate.”

The customer is always right, and we at Netsparker could not agree more with this statement. So what could be better than an interview with one of our web scanner’s users? This interview with Klemen Stirn, the project-lead, developer and support team for Hesk, explains why he found Netsparker to be a great tool for automating and scaling up web application security, due to its ease of use and ample support.

Tell us a little more about Hesk and your role in the project.

Believe it or not, Hesk is currently a “one man team”. I fulfill the roles of project-lead, developer and support team. Hesk is free Help Desk Software allowing businesses to set up a web ticket-based customer support system. The philosophy behind Hesk is that not everyone needs a large and complicated customer support software; there is a need for a small and simple alternative.

Are you able to provide some specific details about the size and...

Netsparker’s 2016 in Review

2016 was a great year for Netsparker! We were the first (and only) web application security scanner vendor to introduce a number of cutting-edge technologies that make it possible to scale up web scanning and easily scan 100s and 1000s of websites, without having to spend hours configuring complex tools and days verifying that the vulnerabilities the scanner has detected are not false positives. In 2016 we also introduced monthly updates for our web application security scanner, and we were featured in a number of interviews on some popular podcasts and more, as highlighted in this overview post.

Automating and Scaling Up Web Vulnerability Scanning

The first Netsparker update we released in 2016 focused on automation and scalability. We developed features in the scanner to help users automate much more of both the pre-scan (configuration) and post-scan (verifying the results) work. The February 2016 update of the Netsparker scanner had:

- Automatic recognition and configuration of URL rewrite rules: you do not need to know the URL rewrite configuration on the target and configure the scanner to crawl and scan all the parameters on the target website.
- Proof-Based Scanning Technology: a technology that automatically generates a proof of...

Best Two-Factor Authentication Plugins for WordPress

Two-Factor Authentication (aka Two-Step Verification, 2FA) is an additional layer of security you can add to your WordPress login page. With 2FA it is virtually impossible for attackers to log in to your WordPress, even if they guess your user’s password. Two-factor authentication also helps mitigate WordPress brute force attacks. Read our article…

The post Best Two-Factor Authentication Plugins for WordPress appeared first on WP White Security.

Risky Business Podcast Interviews Ferruh Mavituna on How to Find Vulnerabilities in Thousand Web Applications

Award-winning journalist Patrick Gray interviewed our CEO, Ferruh Mavituna, on how to find vulnerabilities in more than 1,000 web applications. During the interview, Ferruh explains that once you publish a web application online – even if it is a very basic one – a hacker will find it within a few minutes. This highlights how important it is for enterprises to ensure that all of their web applications are secure. Ferruh also explains that the automated nature of Netsparker Cloud facilitates the task of keeping thousands of websites and web applications secure, so that development teams are not overwhelmed by securing a large number of websites. Toward the end of the interview, Ferruh also provides tips on how teams can start to tackle the massive problem of securing thousands of web applications, where their effort should be directed, and how best to use team resources quickly and efficiently. You can listen to the full Risky Business Episode #468 on the Risky Business website. Ferruh’s interview is the last feature in the podcast and begins at 37 minutes.

Live Demo of How to Bypass Web Application Firewalls & Filters

Many assume that a web application firewall is enough to protect web applications from malicious attacks, and that fixing security vulnerabilities is therefore not necessary thanks to the WAF’s blacklist of functions, keywords or characters. However, expectations are very different from reality. Watch episode 526 of Paul’s Security Weekly, during which our security researcher Sven busts the myths and demos how attackers can bypass web application firewalls and all kinds of blacklist filters to attack and exploit security holes in vulnerable websites. In his demo Sven shows how to:

- Bypass Cross Site Scripting, Command Injection and Code Evaluation filters that were meant to protect your web applications
- Avoid being caught by WAFs
- And how to generally approach them.

During the demo, Sven also explains why it is not possible to have one payload that bypasses all filters, and why less is often more when it comes to bypassing such security mechanisms.

Bypassing Web Application Firewalls and other security filters from Netsparker