How to Find & Fix Mixed Content Issues with SSL / HTTPS

Note: We’ve updated this post to reflect the evolving security standards around mixed content, SSLs, and server access as a whole.
With the web’s increased emphasis on security, all sites should operate on HTTPS. Installing an SSL allows you to make t…

Continue reading How to Find & Fix Mixed Content Issues with SSL / HTTPS

What is Cross-Site Contamination and How to Prevent it

If you suffer multiple reinfections and your site is one of many in an account, the odds are high that you’re suffering from cross-site contamination.

Cross-site contamination occurs when a site is compromised or otherwise negatively affected by neighboring sites within the same account or server, because the server and/or account configuration does not isolate them properly. This phenomenon is one of the greatest contributors to the debate over whether VPS, dedicated, or shared hosting is secure.

The greatest contributor to cross-site contamination is what I call soup-kitchen servers.

Continue reading What is Cross-Site Contamination and How to Prevent it at Sucuri Blog.


Posted in SBN

The Principle of Least Privilege

If you own a website and collaborate with others, the principle of least privilege should never be questioned. It is a computer science principle whose application strengthens your website security posture.

This principle is about:

  • Using the minimal set of privileges on a system in order to perform an action.
  • Granting those privileges only for the time the action is necessary.

Access Control Example

If you hire a gardener, you grant them access to your yard – not your bedroom, living room or your home office.

Continue reading The Principle of Least Privilege at Sucuri Blog.


Ask Sucuri: Common WAF Questions and Concerns

There is no more frustrating experience than knowing you need something, but not knowing which questions to ask.

This resonates with website owners when they are told they need to add (yet another) security solution to their tech stack – and it’s called a Website Application Firewall (WAF).

I spoke earlier this month about the difference between endpoint and cloud-based WAFs. This article will go into more depth about challenges and considerations for each.

Continue reading Ask Sucuri: Common WAF Questions and Concerns at Sucuri Blog.


Website Application Firewalls (WAF) – Practical Approach to Website Security

In 2016, I shared some thoughts about firewalls in general; their history and purpose in the information security domain. The point of the article was to help website owners differentiate between the types of firewalls they might encounter. Today, I will shift my focus specifically to website application firewalls (WAF).

WAFs are not new, but have been traditionally deployed by large organizations. The SMB space has found renewed focus on WAFs over the past three years.

Continue reading Website Application Firewalls (WAF) – Practical Approach to Website Security at Sucuri Blog.


Accounting for Defense in Depth in Website Security

In the field of Information Security (InfoSec) we like to use the phrase defense in depth. Like many things, it is a borrowed term with roots dating back millennia (216 B.C. – the second Punic war). It’s a term that refers to tactics employed by militaries around the world in which they would deploy layers…

The post Accounting for Defense in Depth in Website Security appeared first on Sucuri Blog.
