10 relatively simple steps you can take to dramatically increase the security of your website. Understanding them will help make you a better webmaster/site operator.
10. Update, Update, Update!
• Check your server for old CMS installations!
• “But my website breaks whenever I update to the latest version!”
11. Security Response
• Using popular CMS frameworks can result in being targeted by hackers for purposes of distributing malware and viruses
• Difficult to gauge the potential damages of an insecure/hacked website
• Average costs start at $200 yearly
*Prices based on WPsitecare.com
14. Extension Selection
• Check for when it was last updated
• Age of the extension
• Number of installs
• Verify its source
• Average cost of WP Premium theme is $46
*Prices based on www.wpvirtuoso.com
15. Default CMS Settings
• Most attacks are entirely automated and many attacks rely on default settings
21. File Permissions
• Confirm your permissions status
For files use:
find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -exec chmod 644 {} \;
Everyone can read the file but only the owner may write to the file
For directories use:
find /home/xxxxxx/domains/xxxxxxx.com/public_html -type d -exec chmod 755 {} \;
Everyone may read/execute (run) but only the owner (you) may change the directories
22. Sensible User Access
• Every user has the appropriate permission they require to do their job
• Separate user accounts for every user
23. Sensible User Access
• Monitor any recent file changes
find /home/xxxxxx/domains/xxxxxxx.com/public_html -type f -ctime -1 -exec ls -ls {} \;
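An added example (not from the original slides): a read-only audit that reports files and directories more permissive than the 644/755 targets on slide 21 and lists files changed in the last day as on slide 23, so deviations can be reviewed before any chmod is run. The function names and the web-root argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not from the original slides.
# Read-only audit of a web root: nothing here changes any permission.
# Paths are reported one per line (file names containing newlines are
# not handled).

# Regular files more permissive than 644:
# any execute bit set, or writable by group or other.
files_looser_than_644() {
    find "$1" -type f \( -perm -0100 -o -perm -0010 -o -perm -0001 \
        -o -perm -0020 -o -perm -0002 \) -print
}

# Directories more permissive than 755: writable by group or other.
dirs_looser_than_755() {
    find "$1" -type d \( -perm -0020 -o -perm -0002 \) -print
}

# Regular files whose inode changed (content, owner or mode) within
# the last N days; N defaults to 1, matching "-ctime -1" on the slide.
recently_changed() {
    find "$1" -type f -ctime "-${2:-1}" -print
}

# Print a report for a web root.
# Returns 1 if any file or directory is looser than 644/755, else 0.
# Recent changes are listed for review but do not affect the status,
# because legitimate edits and updates also change files.
audit_webroot() {
    aw_root=$1
    aw_days=${2:-1}
    aw_files=$(files_looser_than_644 "$aw_root")
    aw_dirs=$(dirs_looser_than_755 "$aw_root")
    aw_recent=$(recently_changed "$aw_root" "$aw_days")

    if [ -n "$aw_files" ]; then
        printf 'Files more permissive than 644:\n%s\n\n' "$aw_files"
    fi
    if [ -n "$aw_dirs" ]; then
        printf 'Directories more permissive than 755:\n%s\n\n' "$aw_dirs"
    fi
    if [ -n "$aw_recent" ]; then
        printf 'Files changed in the last %s day(s):\n%s\n\n' \
            "$aw_days" "$aw_recent"
    fi

    if [ -n "$aw_files" ] || [ -n "$aw_dirs" ]; then
        return 1
    fi
    return 0
}

# When called with a path (for example from cron), run the audit on it:
#   sh audit.sh /home/xxxxxx/domains/xxxxxxx.com/public_html
if [ "$#" -gt 0 ]; then
    audit_webroot "$@"
fi
```

Files stricter than 644, such as a configuration file set to 600, are deliberately not reported.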
24. One Site, One Server
With 5 sites on a single server now an attacker might have:
2 WordPress installs
3 Joomla! installs
5 Themes
50 plugins
that can be targets
25. One Site, One Server
Cross-Site Contamination: Biggest reason for single server spread of infection
Average cost of separate server space: $47 monthly
*price from whoishosting.com based on differences between shared ($3.95) / VPS ($29.99) / dedicated ($99.99) servers
26. Backups
• Should be stored offsite and not on the same server as your website (e.g. Dropbox)
• Should be automatic
• Adjust frequency as needed
• Test backups to make sure they work!
27. Backups
• Consider backing up only key files (i.e., themes, plugins, extensions, etc.).
• Often, backing up core directories such as administrator and includes will be unnecessary
• Average Costs: $5 - $10 monthly
*Prices based on top 30 solutions from Cloudwards.net
28. SSL
What are the benefits?
• Encrypts communications between Point A & Point B – the website server and browser.
• E-Commerce security, websites with sensitive user data or Personally Identifiable Information (PII)
29. SSL
What does it protect exactly?
• E-Commerce security, websites with sensitive user data or Personally Identifiable Information (PII)
Costs for SSL certificate can range anywhere from $225 to $399 annually
*Prices based on actual figures from SSLShopper.com
34. Passwords mean P@s5w0rD$
• 3 key requirements should always be followed (CLU – Complex, Long, Unique)
• Complex: Should be random
• Long: Should be 12+ characters
• Unique: Do not reuse passwords