DDoS Blog

Securing your APIs

Covering your APIs Web APIs are not exactly a new technology. You can find an API for almost any service offered online. The reason for the popularity is not surprising: APIs easily and efficiently facilitate integration between applications. This inter-application communication allows partnersh[...]

Nov 21st 2017

Nginx with Stream Module Dynamic Upstream CNAME

In the age of scalable web applications, many organizations turn to cloud-based server hosting to dynamically add additional servers during peak usage, or attain redundancy by having multiple geographic web-server locations. One of the methods used for this is DNS CNAME resolution. Using this op[...]

Oct 12th 2017

Apache Struts Vulnerabilities and The Equifax Hack, What Happened?

In the wake of the Equifax breach, a lot of people are wondering how the theft of personal information occurred and how it could have been prevented. Equifax initially reported that a vulnerability in Apache Struts was used to infiltrate their public-facing web server. Apache Struts has faced its f[...]

Sep 16th 2017

What is Machine Learning?

Machine Learning can appear in many different forms and guises, but a general definition of Machine Learning usually incorporates something about computers learning without explicit programming and being able to automatically adapt. And while Machine Learning has been around for decades as a concept[...]

Sep 6th 2017

Don’t ban the bots

I do a lot of DDoS related research online, which results in a lot of DDoS protection related spam/offers. A trend I have seen gaining popularity lately is “ban the bots”. These emails contain a lot of emotionally charged language trying to persuade the reader that bots are destroying the inter[...]

Jul 27th 2017

WannaCry FAQ

We have had a number of enquiries lately about the Ransom Ware Vulnerability. What is it? WannaCry, also known as WanaCrypt 2.0, is a form of malware commonly known as "Ransom Ware". Where did it come from? It was originally developed by the NSA in the US called "Eternal Blue" and was a way for[...]

May 15th 2017

DDoS prevention as part of a robust I.T. Strategy

A decade ago the idea of loss prevention (LP) had been limited to the idea of theft of merchandise. With the advent of online retailing, retailers have discovered that loss must be viewed more broadly to "intended sales income that was not and cannot be realized" [Beck and Peacock, 28]. While Beck a[...]

Jan 16th 2017

The Difference Between Positive VS Negative WAF?

The resurgence in Positive security of late has been a refreshing change to the security landscape dominated by anti-virus scanners, IDS/IPS, and antispam engines. The resurgence is most noticeable in the field of Web Application Security where Web Application Firewalls have been adopting a Positive[...]

Dec 14th 2016

Online Certificate Status Protocol (OSCP) Vulnerability

Going Green... Internet security is a passion of mine. It’s why I get up in the morning (it’s also why I sometimes cry myself to sleep). For many netizens protection is summarized by a green lock icon in the address bar: That lock tells us that a Certificate Authority (CA) has verified the web[...]

Sep 25th 2016

The Difference Between Web Vulnerability Assessment and Penetration Testing

The widespread use of web applications by businesses and organizations has made them a lucrative target for attackers. It only takes one successful exploit to cause a breach in an application's security and compromise an organization and its customers. These incidents have the potential to damage a [...]

Apr 15th 2016