Articles

Cloud Security Management Is Flawed

Actualités, Méthodes et organisation des process IT

The network model for security fails in the cloud. While the old on-prem model made sense in the earlier days of computing, the rapidly expanding suite of cloud providers, along with their infinite combinations of settings and services, now places an extraordinary burden on security teams to become cloud-centric. An enterprise that doesn’t fully understand its role in securing its data in the public cloud is taking unnecessary risks with its outdated security strategies.

In the traditional data center, the network provided a secure boundary for the organization. The network was carved up into zones and trusts were established within and between zones. Security architectures were established and tools deployed based on this strategy, which largely involved monitoring the traffic flows and enforcing controls where the zones met. But in the cloud, this approach is no longer relevant. Time and again, in breach after breach, headline after headline, the modern attack cycle, particularly in the cloud, starts with identity. Attackers seek access to the identity, then pivot between resources, discovering credentials and other identities that give them more and more access to get what they want.

Source de l’article sur DZONE

22 juin 2021/par Service comm.

Leadership Is About Growth, Not Brilliance

Actualités, Méthodes et organisation des process IT

Does it ever cross your mind that praise can be negative? I guess not. After all, it looks harmless and seems to be quite effective. Conventional wisdom says that if you praise people, they are motivated to do better.

People who have been praised throughout their life by their well-meaning parents, friends, and teachers for their talent and smartness or those who have experienced extreme focus on talent and smartness throughout their childhood learn to value only intelligence. No wonder when these people enter the workforce, they continue to seek approval and demand praise every step of the way.

Every opportunity is a measure of their intelligence — do I look smart, how will I be judged, what if others find my ideas dumb. With a single-minded focus on validating themselves, all their actions are rooted in establishing their worth. Every mistake hurts their reputation and every failure is a reflection of their competence. They care less about learning and more about proving themselves. Their sense of morality sometimes takes a hit as they resort to brutal behaviors — demeaning others by yelling, insulting, controlling, or taking undue credit — all in an attempt to boost their self-esteem.

Carol Dweck, professor of Psychology at Stanford University summarised this unfortunate reality from Morgan McCall’s book High Flyers:

People often like the things that work against their growth. . . . People like to use their strengths . . . to achieve quick, dramatic results, even if . . . they aren’t developing the new skills they will need later on. People like to believe they are as good as everyone says . . . and not take their weaknesses as seriously as they might. People don’t like to hear bad news or get criticism. . . . There is tremendous risk . . . in leaving what one does well to attempt to master something new.

What Do Organizations Do with Such People?

They feed and promote this mindset. They praise people for their brilliant ideas conveying the message “we value talent and smartness.” They shower people with rewards and bonuses for their achievements communicating to everyone else around “all we care about is success.”

What happens when these people take on a leadership role? Their mindset of valuing brilliance above everything else amplifies leading to disastrous results. History is full of leadership fiascos with great promises that turned out to be the biggest disasters. This article from Malcolm Gladwell in The New Yorker is as valid now as it was 18 years ago. Describing the talent mindset at Enron and the consultants at McKinsey who wandered the hallways at the company’s headquarters, he points out “They were there looking for people who had the talent to think outside the box. It never occurred to them that, if everyone had to think outside the box, maybe it was the box that needed fixing.”

He also talks about the impact of an environment that values innate talent and what happens when times get tough and that self-image is threatened “They have difficulty with the consequences. They will not take the remedial course. They will not stand up to investors and the public and admit that they were wrong. They’d sooner lie.”

Really, is praising people for their intelligence and achievements the only way to develop people who will be the leaders of tomorrow? Is there a better way out?

What if we praised people for their hard work, for their ability to persist despite failures and setbacks, for taking initiatives to build new skills, for standing up to their mistakes, for believing in their growth, and implementing the right strategies to overcome their shortcomings. What does this kind of praise tell them?

It tells them the value of effort in building abilities. It teaches them the importance of implementing the right strategies to solve problems. It encourages them to seek help to make progress on their task. It creates a passion for learning that’s not driven by the need to look smart, but with a desire to cultivate skills, to stretch themselves to grow.

When these people take on leadership positions, this mindset guides them to put the well-being of the company and its people before their own needs, to place value on teamwork over individual accomplishment, and to foster growth and development of their people.

As growth-minded leaders, they start with a belief in human potential and development — both their own and other people’s. Instead of using the company as a vehicle for their greatness, they use it as an engine of growth — for themselves, the employees, and the company as a whole.
– Carol Dweck

Unlike leaders who pull their companies down with their focus on brilliance, these leaders lead their companies into greatness and gratitude filled in their own hearts and those of the people around them.

Choose your praise carefully as you will see the tremendous benefits in praising for growth over brilliance.

When Leaders Focus on Brilliance

They live in a world of personal greatness and entitlement, vie for labels, and will do anything to boost their image. Instead of building a long-lasting company, they spend time and money on enhancing their image.

With the constant need for validation, they use people in the company to feed their egos and showcase their superiority. Everything is about pleasing the boss. They surround themselves with people who boost their self-esteem. Agreement earns them admiration and disagreement is an attack on their intelligence. Instead of hearing people out, they punish dissent and shut people down.

They pounce at the less talented for their lack of intelligence and find those who are more talented than they are as threatening. They mistreat employees, yell, insult, control and abuse them into their way of doing things. They feel better about themselves by making other people feel worse. Employees worry about being judged all the time. When people are ridiculed for mistakes, they soon learn to keep their heads down, stop putting their critical thinking skills to use, and give in to groupthink.

Their belief in their superiority blinds them to see reality. They turn a blind eye to complaints, ignore warning signs, and fire people who tell them what they don’t want to hear. Their decision-making criteria are based on what would make them look good as opposed to what’s good for the company long term.

What happens when a leader refuses to confront the brutal facts? “The minute a leader allows himself to become the primary reality people worry about, rather than reality being the primary reality, you have a recipe for mediocrity, or worse. This is one of the key reasons why less charismatic leaders often produce better long-term results than their more charismatic counterparts.
– Jim Collins

Since success and failure are a part of their identity — success means they are smart and failure means they are not — they find excuses and blame others for failures instead of taking personal responsibility. Instead of investing in the future growth of their company, they play safe with fear of failure, become less responsive to challenges from competition, go with what’s tried and tested, and refuse to take risks. Why take up the challenge that can hurt their reputation? On the other extreme, they may not shy away from crossing ethical boundaries to beat the competition at all costs. Success is what they are after and it doesn’t matter how they get it.

With more focus on talent and less on potential, they do not invest in mentoring and coaching employees. Instead of putting practices in place to develop employees and help them collaborate together, they make them compete against each other.

Carol Dweck sums up their brilliant mindset “My genius not only defines and validates me. It defines and validates the company. It is what creates value. My genius is profit. Wow!”

When Leaders Focus on Growth

They operate with a learning mode. They don’t claim to be genius but promise to invest in development, their own development, and the development of their people. The drive and enthusiasm to grow their companies make them adopt long-term strategies over short-term tactics. They aren’t in the game to boost their ego or establish their self-esteem. It’s the pure joy of shaping the future of their company that excites and motivates them. More than prestige, they are in it for the challenge.

They understand that the path to success goes through failure. Why lose the opportunity that can drive their future growth? So instead of hiding behind their failures, they face them head-on. Failures don’t define their competence, they are glaring moments of self-reflection. They are opportunities to build skills, explore possibilities, experiment, and invest in the promise of a better future.

They lead with vulnerability. They accept mistakes to shift the focus in the organization from hiding mistakes to finding solutions. When they don’t know something, instead of pretending to hide their ignorance, they say “I don’t know”. These three powerful words show humility and self-confidence. To make decisions, they invite others to share their opinion which promotes the culture of constructive criticism. Since they do not connect their identity to their opinion, more value is placed on seeking the right answers which require open disagreements and championing flexibility of opinion over their sense of righteousness.

Difficult situations make them uncomfortable, no doubt. Instead of letting their discomfort get in the way of meaningful conversations, they embrace it. They choose to look past their discomfort in the value that these discussions provide — saving a lot of time that can be wasted due to stress and anxiety that comes from misalignment of expectations and lack of clarity of purpose.

They are tough but compassionate. They do not shy away from giving critical feedback while also challenging the people in their organization to step outside their comfort zone. They empower people to make decisions with the right channels of feedback to assist in better decision-making in the organization.

Leaders with the growth mindset operate with what Lou Gerstner, who turned IBM’s fortunes around by saving it from near bankruptcy said “Hierarchy means very little to me. Let’s put together in meetings the people who can help solve a problem, regardless of position.” Not blinded by reality, they focus on finding solutions that will push their company forward. This requires keeping an open eye to change in market trends, identifying and investing in future growth areas, and taking calculated risks.

With a focus on potential and growth, they invest in identifying and building future skills of the organization — skills that will be useful during difficult circumstances giving them an advantage over the competition. They foster productivity through coaching and mentoring, place value on teamwork by encouraging collaboration and defining shared measures of success.

Warren Bennis, a scholar, author, and widely regarded as a pioneer of the contemporary field of Leadership studies, writes in Organizing Genius:

Leaders are people who believe so passionately that they can seduce other people into sharing their dream.

His most admirable view on leadership says:

Good leaders make people feel that they’re at the very heart of things, not at the periphery. Everyone feels that he or she makes a difference to the success of the organisation. When that happens people feel centred and that gives their work meaning.

What kind of leaders think like this — those focused on brilliance or the ones driven by growth?

Previously published here.

Source de l’article sur DZONE

5 juin 2021/par Service comm.

Automated Pen Testing With Zed Attack Proxy

Actualités, Méthodes et organisation des process IT

In this post, you will learn how to execute penetration tests with OWASP Zed Attack Proxy (ZAP). ZAP is a free web app scanner which can be used for security testing purposes.

1. Introduction

When you are developing an application, security must be addressed. It cannot be ignored anymore nowadays. Security must be taken into account starting from initial development and not thinking about it when you want to deploy to production for the first time. Often you will notice that adding security to your application at a later stage in development, will take a lot of time. It is better to take security into account from the beginning, this will save you from some painful headaches. You probably have some security experts inside of your company, so let them participate from the start when a new application needs to be developed. Nevertheless, you will also need to verify whether your developed application is secure. Penetration tests can help you with that. OWASP Zed Attack Proxy (ZAP) is a tool which can help you execute penetration tests for your application. In this post, you will learn how to setup ZAP and execute tests with the desktop client of ZAP. You will also need a preferably vulnerable application. For this purposes, Webgoat of OWASP will be used. In case you do not know what Webgoat is, you can read a previous post first. It might be a little bit outdated because Webgoat has been improved since then, but it will give you a good impression of what Webgoat is. It is advised to disconnect from the internet when using Webgoat because it may expose your machine to attacks.

Source de l’article sur DZONE

21 avril 2021/par Service comm.

Disaster Recovery Examples

Actualités, Méthodes et organisation des process IT

Run Differentials

This tutorial shows how you can recover data from either a fat finger or malicious data attack. This tutorial can be utilized if the data issue is found within the Cockroach GC window for a particular zone configuration which by default is 25 hours. An additional tutorial will show how to recover using a backup.

Setup Movr With a Bad Actor Record

For this example, we’ll create a MOVR workload and show how to recover from a malicious attack from a user called devil. On the MOVR rides table, let’s activate an audit log so we can see all of the SQL transactions that incur on the table. While the workload is running, we’ll inject the rogue user called devil and have that user create a malicious transaction that updates all of Tyler Dalton’s transactions to be $1000.

Source de l’article sur DZONE

9 mars 2021/par Service comm.

9 Easy Ways to Deal With Difficult Clients

Actualités, Actualités

Naturally, there are bad clients out there, but 90% of the time, it’s not really the client who is at fault. Poor communication, a lack of setting expectations, and a failure to qualify clients beforehand is usually the problem.

If you’re dealing with a problematic client, there’s usually not a lot you can do to ‘fix’ things — you should focus on finishing the project as well as you can. However, what you can do is ensure this situation never arises again.

We’ve been taught that the customer is always right. But to be honest, that’s not always the case. It’s your job as a designer and brand consultant to help your client grow their business. Because of that, you may think you have to make every idea a client has — but if these ideas do not serve their business and their brand, you have to speak up! Remember that you were hired for a reason, and that reason is that you can help them build their brand, not because you can design anything they think of.

So, to avoid the ‘difficult’ client scenario, here are a few things you can do.

1. Be Selective With Your Clients

Figure out who your ideal client is and determine that you will only work with them. Ideal clients are usually people who understand you and respect you and your expertise. A client who hires you because they know what you have to offer (i.e., working towards their business goals) will be more receptive to what you present to them — they will also be more receptive when you push back ideas.

you have to be willing to decline projects

Your ideal client is not someone who wants to dictate the whole process to you (clients who already have an idea in their head and want you to make it into reality for them).

This means you have to be willing to decline projects. This can be super difficult — saying no to a paying client always is — but the mental toll of working for a non-ideal client is never worth the money!

Be selective with your clients and ensure you are on the same page before accepting any projects. To work only with your ideal client, you can have a method of qualifying them ahead of time. Some people use questionnaires; others sit down and have a chat with potential clients. If they meet your requirements, that’s great. If not, then let them know it might not be the best fit for both of you. You can also refer them to another freelance designer, who you know would be glad to have their work.

2. Remember: You are NOT an Employee

People usually become freelancers because they have a set of skills that doesn’t tie them down to one employer — you may have even developed this skill set deliberately to avoid being stuck in one office, working for one company!

So don’t forget that you are not an employee. Your clients don’t get to send you to non-productive meetings, have you in the office at certain times, or dictate any other part of your working life to you. As a freelancer, you work for yourself — don’t get caught up in the idea you are ‘employed’ by your clients.

If your client starts acting like an employer, you need to gently remind them that you are a freelancer. They chose to work with you because of your skills and talents, and as long as you deliver it on time and budget, they can’t complain about how you do it!

3. Have a Specific Scope of Work

One of the most frustrating parts of freelancing is over-demanding clients: it happens to us all, but it happens because we let it happen!

When you start a project, define exactly what you will and won’t do as part of a contract. Then, if the client wants more than you said you would give, you can refer them to the scope document and offer the additional work at an extra fee.

Documentation saves you a lot of hassle!

Having a fixed scope for all your work will free you from the ‘demanding client’ problem. Before you start working for them, sit down with them and ask them exactly what they want from your design. That way, you know exactly what you should do and what you should not do. You can then document the services you will provide and get a written confirmation from them. Clients will sometimes forget what they told you before — which is why having written documents to show them is useful.

If they ask for additional services, you can update the document stating these changes and send them a copy. Documentation saves you a lot of hassle! It’s your responsibility to be organized and professional at the end of the day, even with over-demanding clients. Always treat them kindly — never be rude, as this will cause them to give you a bad review and hurt you in the end. Act like a professional from the start, and your clients will treat you as such.

4. Document Agreements

You may find yourself with a client who is forever changing their mind or forgetting the details — so make sure all your agreements with them are documented, and both of you have copies. Just like the scope of work documents, you can refer to these agreements in the future, and it will resolve any issues you have.

5. Set Clear Expectations

You need to set clear expectations both before and after someone becomes your client — tell them what they can expect in the project and what is included and what’s not included. Remember that your time is valuable: you cannot work indefinitely, so it is okay to set limitations in a project. One way to do this is to offer two rounds of revisions on a project. This is more than enough to come out with a design a client is happy with. Most clients will understand these limitations as long as you communicate them from the get-go.

6. Set Benchmarks

Rather than taking your design brief from the client and going off on your own to design everything, set some project milestones or benchmarks. Don’t be that designer who goes radio-silent until the final design is presented (we know, creatives like the idea of the ‘big reveal,’ but remember this is business, and communication is key!).

Benchmarks are important for a few reasons. Firstly, presenting the final design may sometimes work out, but other times, the client doesn’t like it or the direction they had in mind. Secondly, it saves you time – you don’t need to design a whole project only to have to go back and revise it all!

creatives like the idea of the ‘big reveal,’ but remember this is business, and communication is key!

Plan regular check-ins with your client, include them in the process, and ensure you are on the right track.

Take a branding project, for example. You can present to your client two or three logo concepts, providing them with options. This decreases the number of times a client is unhappy with the project’s direction because they can choose which one they want. Remember to make each design unique, rather than just a small variation of the other. Think of them as three different directions to explore with your client, and take it from there.

Ensure each concept you provide is top of your game, too — that way, whatever your client chooses, it will be a great design. Imagine you make two okay concepts and one great concept, and your client chooses the weakest design!

7. Don’t Take Offence

Imagine the scene: you go to a meeting with your client to talk about the final design. You arrive, and as well as your normal contact, the CFO is present at the meeting. They take one look at your design and decide it doesn’t work.

Don’t get mad! For a start, you don’t know if the CFO has the final say on the design, and even if they do, you have an agreed scope of work, and this is now an opportunity to move the goalposts (for a fee) and renegotiate the scope of work. Look at this as an opportunity, not as a setback!

Also, remember that you can’t please everyone all the time. Not everyone will love your designs, and it’s not a personal attack.

8. Match Your Client’s Energy

Think before you open your mouth — communication is crucial in the freelancing world, and you need to be on par with your clients’ energy and vocabulary. Imagine you have just agreed on a project with a new client, and after the meeting, they say, “I cannot wait for you to knock this logo out of the park!” And you reply hesitantly, “I’ll do what I can.”

This has already made your client doubt you, and that’s a red flag. Now your client may leave the meeting wondering if they chose the right designer for the job. What you and your body language need to say is, “Hell, yes! We’re going to knock this logo out of the park!”

This is why matching a client’s energy is so important. If they are aggressive in articulating themselves, you should be, too; obviously within limits — always be professional, but don’t be afraid to sound excited and confident!

9. Be Honest With Yourself

Sometimes, you don’t get on with someone. It happens. We can’t be best friends with all of our clients! If there’s a personality conflict that’s causing problems, it can be impossible to resolve. You may want to have someone else handle the client relationship or transfer the project to another freelancer.

being afraid will never get you anywhere as a freelancer

What makes being a freelancer great is that you actually have all the power — you can fire a client if it’s really not working for you. An employee cannot fire his or her boss. If the relationship between you and your client has turned sour, you hate the work, and it’s causing you too many headaches, you can get rid of them. No one can make you work for someone!

Even if your client represents a huge chunk of your income, don’t be afraid to fire them. There are always more clients — being afraid will never get you anywhere as a freelancer. You also need to remember that your quality of life is just as important as your income! One cannot exist without the other — there’s no point in having a huge paycheck if your sanity is suffering due to it.

Conclusion

‘Difficult’ clients in freelancing do exist, but a lot of the time, you’ll discover they could have been avoided if you, the designer, took a few key steps.

You should always be selective with your clients and ensure they fit your ‘ideal client’ model; if they don’t, you can gently refuse their project and send them on to another designer who is a better fit.

When you do start working with a client, remember they are just that, a client. They are not your boss or employer, and you are a freelancer. They don’t get to dictate your working hours or appearance in meetings. They agreed to work with you, for your skills and talents, as long as you deliver quality work on time, they don’t get to tell you what to do.

Always have a scope of work in a written contract and set expectations before you begin. This saves you hassle later when a client becomes overly demanding. Along the design process, document all agreements in paper and have benchmarks wherein you check-in with your clients.

Finally, take care with how you handle your clients in person – don’t take offense if they don’t like a design, match their energy, so they have no room to doubt you, and if it really just isn’t working due to a personality conflict, remember you are free to leave!

Featured image via Pexels.

Source

Source de l’article sur Webdesignerdepot

25 décembre 2020/par Service comm.

10 Reasons Your WordPress Site Will Get Hacked (and How to Stop It)

Actualités, Actualités

A hacked WordPress site is as damaging as having your home burgled. It can completely shatter your peace of mind and adversely impact your online business.

Why do hackers target WordPress sites? The answer is relatively simple: WordPress is the single biggest platform for website creation these days, so there’s a larger base to attack; this attracts the attention of online criminals.

So, how can a hack impact your website?

Depending on the type of attack, your website could suffer any of the following:

It could be defaced completely;
It could load or operate very slowly on any device;
It could completely crash and malfunction;
It could display the dreadful “White Screen of Death”;
Its incoming visitors could be redirected to other suspicious websites;
It could lose all your valuable customer data.

This list is not exhaustive but you get the idea.

Now that we know how a successful hack can impact your website and online business, let us look at the top 10 reasons behind WP hacks and prevent them.

1. An Insecure Web Host

Like any website, WordPress is hosted on a web host or server. Unfortunately, most site owners do not pay much attention to the web host they select and choose the cheapest they can find. For example, it is more affordable to host a website on a shared hosting plan — one that shares its server resources with many other websites like yours.

This can make your site vulnerable to hackers as a successful hack into any website on the shared server. A single hacked site can consume the overall server bandwidth and impact all the other sites’ performance.

The only way to fix this problem is to opt for a reliable host and a virtual or dedicated server.

Pro tip: If you’re already using a shared hosting plan, check with your hosts if they offer VPS hosting and make the switch.

2. Use of Weak Passwords

Weak passwords are the main reason behind successful brute force attacks that target your account. Even to this day, users continue to use weak and common passwords like “password” or “123456”; if you’re one of them, your website could land in trouble!

Guessing weak passwords allows hackers to enter the admin accounts where they can inflict the maximum damage.

How do you fix this problem? Simple, ensure all your account users (including admin users) configure strong passwords for their login credentials. With at least 8 characters, passwords must be a mix of upper- and lower-case alphabets, numbers, and symbols.

For added safety, install a password management tool that can automatically generate and store strong passwords.

Pro tip: You can use a plugin to reset passwords for all your users.

3. An Outdated WP Version

Outdated software is among the most common reasons why websites get hacked. Despite being free to download, most site users defer updating their site to the latest version, for fears of updates causing their site to crash.

Hackers take advantage of any vulnerability or bug in an older version and cause issues like SQL Injections, WP-VCD Malware, SEO Spam & other major issues like website redirecting to another site.

How do you solve this problem? When you see a notification about an update on your dashboard, update your site as soon as possible.

Pro tip: If you are worried about updates crashing your live website, you can first test the updates on a staging site.

4. Outdated WP Plugins and Themes

Similar to the previous point, hackers also take advantage of outdated, unused, or abandoned plugins and themes installed on websites. With over 55,000 plugins and themes that are available, it is easy to install a plugin or theme, even from unsafe or untrusted websites.

Plus, many users do not update their installed plugins/themes to the latest version or do not find the updated version. This makes it easier for hackers to do their job & infect sites.

How do you avoid this problem? As with the core WP version, update each of your installed plugins/themes on your site regularly. Take stock of all the unused ones and remove them or replace them with better alternatives.

You can update your plugins/themes from your hosting account.

Pro tip: We suggest setting aside time every week to run updates. Test them on a staging site and then update your site.

5. Common Admin Usernames

In addition to weak passwords, users also create common usernames that are easy to guess.

This includes common usernames for admin users like – “admin”, “admin1”, or “admin123”. Common admin usernames make it easier for hackers to get into admin accounts and control backend files in your WP installation.

How do you avoid this problem? If you are using any such usernames that are easy to guess, change them immediately to a unique username. The easiest way of doing it is through your hosting account’s user management tool, by deleting the previous admin user and creating a new admin user with a unique username.

As the first step, change the default username of your admin user and limit users who have administrator privileges.

Pro tip: WordPress has 6 different user roles with limited permissions. Only grant admin access to users who really need it.

6. Use of Nulled Plugins/Themes

Coming back to the importance of plugins/themes, users have access to many websites that sell nulled or pirated copies of popular and paid plugins and themes. While these are free to use, they are often riddled with malware. They can compromise your website’s overall security and make it easier for hackers to exploit.

Being a pirated copy, nulled plugins/themes do not have any available updates from its development team, hence will not have any security fixes.

How do you fix this problem? Simple, for a start, only download original plugins and themes from trusted websites and marketplaces.

Pro tip: If you don’t wish to pay for paid or premium plugins and themes, opt for a free version of the same tools that will have limited features but are still safer to use than the nulled version.

7. Unprotected Access to wp-admin Folder

To take control of your site, hackers often try to break into and control your wp-admin folder in your installation. As the website owner, you must take measures to protect your wp-admin directory.

How can you protect your wp-admin folder? First, restrict the number of users having access to this critical folder. Additionally, apply for password protection as an added layer of security for access to the wp-admin folder. You can do this using the “Password Protection Directories” feature of the cPanel in your web host account.

Pro tip: Besides these fixes, you can also implement Two Factor Authentication (or 2FA) protection for all your admin accounts.

8. Non-SSL Website

You can easily migrate your HTTP website to HTTPS by installing an SSL certificate on your site. SSL (or Secure Socket Layer) is a secure mode of encrypting any data transmission between your web server and the client browser.

Without this encryption, hackers can intercept the data and steal it. Plus, a non-secure website can have many negative implications for your business – lower SEO ranking, loss of customer trust, or a drop in incoming traffic.

How do you fix this problem? You can quickly obtain an SSL certificate from your hosting company or SSL providers. It encrypts all data that is sent from and received by your website.

Pro tip: You can get a free SSL certificate from places like Let’s Encrypt, but these provide limit protection that will only be sufficient for a starter site or small site.

9. No Firewall Protection

Lack of firewall protection is another common reason why hackers can bypass website security measures and infiltrate the backend resources. Firewalls are the last line of defence against hackers and work like the security alarm installed on your house. Firewalls monitor web requests coming from various IP addresses, including the suspicious (or bad) ones.

They can identify and block requests that are known to be malicious in the past, thus preventing easy access for hackers to your website domain. Web application firewalls can thwart various attacks, including brute force attacks, XSS, and SQL injections.

Pro tip: A firewall provides much-needed security and is your first line of defence. But it’s important to also have a malware scanner installed.

10. Lack of WordPress Hardening Measures

Typically, hackers target the most vulnerable areas or weaknesses within a WP installation, to illegally access or damage the website. The WordPress team has identified these vulnerable areas and has devised a list of 12 hardening measures recommended for every website.

A few of these include:

Disabling the File Editor;
Preventing PHP execution in untrusted folders;
Changing the security keys;
Disallowing plugin installations;
Automatic logout of inactive users;

How do you implement these hardening measures? While some steps are easy to understand, others require the technical expertise of how WordPress works.

Pro tip: You can implement hardening measures on your own. However, some measures require technical expertise so in these cases, it’s much easier and safer to use a plugin.

Featured image via Pexels.

Source

Source de l’article sur Webdesignerdepot

13 novembre 2020/par Service comm.

API Security Weekly: Issue #105

Actualités, Méthodes et organisation des process IT

This week, we take a look at API vulnerabilities in HashiCorp Vault, Azure App Services, and more. There is also an introductory video on finding information disclosure in JSON and XML API responses, and another cheat sheet and a webinar on OWASP API Security Top 10.

Vulnerability: HashiCorp Vault

Felix Wilhelm from Google’s Project Zero has written a very detailed write-up on an authentication bypass he found in the Amazon Web Services (AWS) and Google Cloud Platform (GCP) integration of HashiCorp Vault. As a central storage of credentials, Vault makes an attractive target for attackers, and therefore a vulnerability in it is also very bad news. Looking for the silver linings, this attack was definitely quite advanced, and thus not easily exploitable.

Source de l’article sur DZONE

15 octobre 2020/par Service comm.

51% Attack Proves Blockchain Is ‘Unhackable’ The Way The Titanic Was ‘Unsinkable’

Actualités, Méthodes et organisation des process IT

Photo credit Flickr/Descryptive.com

Turns out, blockchain technology isn’t quite as foolproof as all the hype would have you believe. A new article from MIT Technology Review explains that as blockchain systems become increasingly complicated, the likelihood that they can – and most assuredly will – be hacked goes through the roof.

Source de l’article sur DZONE

22 février 2019/par Service comm.