Browsed by
Category: WAF

Other uses of .htaccess: Making a .htaccess-based WAF

If you’re a web developer, you’re probably familiar with .htaccess. If you’re not, let me give you a quick introduction: .htaccess is a part of Apache. A .htaccess file provides a way to make configuration changes on a per-directory basis without needing to edit Apache’s main configuration files. .htaccess is useful for many purposes: it can be used for URL rewriting, IP address blocking, restricting access to certain directories and so on. What I’m going to focus on today is probably a bit…

An old Ticket System Security Analysis

Since I started building websites a few years ago, I’ve created a few projects. Some of them never saw daylight, some of them were deleted upon creation, some of them still reside in my project archive. When I was trawling through the archive a few days ago, I came across one of them. It was a ticket system I first made back in April 2016 – the whole project was dubbed a “Secure Ticket System” so it instantly caught my attention….

BreachDirectory has passed the 5 Billion record mark – here’s what it means

When I first began creating BreachDirectory, I thought I’d see at most a hundred million records. Okay, maybe half a billion. But this, this is something else altogether. Today, BreachDirectory has passed the 5 billion record mark. I’m not sure whether this is a celebratory occasion though, because five billion – billion – people having their data compromised in one way or another is never a good thing. But hey, that is the reality of the web today. Data breaches are…

A journey back in time: The analysis of the first version of my WAF

As you might already know, back in 2014, I developed a custom Web Application Firewall. You’ll see one adorning BreachDirectory and indeed, you can see one on this blog too. The primary reason I started making it is that I wanted to have one file that I could incorporate into a website to improve its security. Back then, the firewall was pretty simple – it only blocked basic attack vectors, but hey, it did work as it was supposed to, so…

10 ways to increase the security of your WordPress application

When someone mentions WordPress, you will often hear people saying “don’t use it, it’s insecure”. In a sense, those people are right – there is no such thing as a “silver bullet” in security. There are a few ways developers can fend off attacks concerning WordPress though – let’s dive into them. 1. Fundamentals The very first thing you should do is use HTTPS instead of HTTP. Now I get that a blog isn’t a bank and your readers could…

The path to a custom Firewall and a Content Security Policy on a Blog

A few years ago I found myself looking for a firewall. I looked at various options from various security companies, but couldn’t find what I was looking for – the firewalls at the time were either too expensive or lacked some of the features I required. As I kept thinking about this, I decided I’m not buying one and so, in 2014, I ended up building a custom WAF. What is a WAF? A WAF is short for Web Application Firewall. The primary…
