
IT Security


SSL Decoder. IP address information. Enabling Strict Transport Security (HSTS) – Brian Love. I am continuing a series of articles focused on migrating a website to support HTTPS Everywhere.

Enabling Strict Transport Security (HSTS) – Brian Love

The goal of HTTPS Everywhere is to have the entire web be secure using the latest security and best practices. However, we also have to be aware of the possible performance implications with using HTTPS. The first step we took to improve performance over HTTPS was to enable the keep-alive connection header. The next step we want to take now is to enable the strict transport security (HSTS) header. TLS Receiver Test. Securing your site. This section provides security configuration advice for site administrators and includes both "things you should actively do" and "things you shouldn't do".

Securing your site

The order of chapters is an attempt at identifying the priority of the configuration based upon the likelihood that it will be helpful, and the potential benefit/harm of the configuration. Site administrators should also sign up for the security mailing list. People interested in discussing security should join Best Practices in Security Group. There are a number of contributed modules which can help with security, not all of which are documented in this handbook. One such is the Security Review module which provides an analysis of your security configuration. You can also read documentation for writing secure code and about the security implications of translations from The key to security is eternal vigilance.

Security updates can be followed through the Drupal Security page. 10 Online Free Tools to Scan Website Security Vulnerabilities & Malware. One of the most trending talks in Information Technologies is Web Security.

10 Online Free Tools to Scan Website Security Vulnerabilities & Malware

Do you know 96% of tested applications have vulnerabilities? The chart below from Cenzic shows the different types of vulnerability trends found. We often pay attention to website design, SEO, and content, and underestimate the security area. For a website or blog owner, web security should have higher importance than anything. This article is in response to “Apache Web Server Hardening & Security Guide”.

Scan My Server: ScanMyServer provides one of the most comprehensive reports of a variety of security tests, such as SQL Injection, Cross Site Scripting, PHP Code Injection, Source Disclosure, HTTP Header Injection, Blind SQL Injection and many more. SUCURI is the most popular free website malware and security scanner. Qualys SSL Labs, Qualys FreeScan: SSL Labs is one of the most used tools to scan SSL web servers.

FreeScan tests websites for OWASP Top Risks and malware, against SCP security benchmark and many more. Quttera Detectify Virus Total. Sucuri SiteCheck - Free Website Malware Scanner. Enter a URL (ex. and the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.

Sucuri SiteCheck - Free Website Malware Scanner

Disclaimer: Sucuri SiteCheck is a free & remote scanner. Although we do our best to provide the best results, 100% accuracy is not realistic, and not guaranteed. Website Malware Cleanup Got Malware? Not sure how to clean it up? Website Malware Scanning Sucuri scanners use the latest in fingerprinting technology allowing you to determine if your web applications are out of date, exploited with malware, or even blacklisted.

YARA - The pattern matching swiss knife for malware researchers. YARA in a nutshell YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples.

YARA - The pattern matching swiss knife for malware researchers

With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic. Let's see an example: The above rule is telling YARA that any file containing one of the three strings must be reported as silent_banker.

YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara-python extension. Online Ping, Traceroute, DNS lookup, WHOIS, Port check, Reverse lookup, Proxy checker, Bandwidth meter, Network calculator, Network mask calculator, Country by IP, Unit converter.