MX misconfigurations aren’t exactly breaking news. They’re a common issue that users deal with on a daily basis. When your MX (Mail Exchange) records aren’t properly set up, it can create serious problems, not just in terms of email delivery, but also for the overall security of your domain. According to data from 2IP.io, Google […]
Cybersecurity flaws come in many forms. While most affect operating systems, libraries, or web apps, some go after a less obvious but equally critical target: DNS servers. Over the years, several CVEs affecting DNS servers have been discovered, and some of them rank among the most serious security risks out there. DNS is what makes
Attackers aren’t just sending sketchy links anymore; they’re crafting subdomains that look almost identical to real websites, called phishing subdomains. It’s not just a trick; it’s a tactic designed to fool even the most cautious users. So the question is: how dangerous has phishing become? Let’s check out some stats to answer that. According to
SSL/TLS encryption is critical for securing online communication, but even small configuration mistakes can expose your site to significant vulnerabilities. For example, 71% of organizations reported SSL/TLS-related attacks last year. According to OWASP, in 2021 for example, 90% of applications were tested for some form of misconfiguration. Let’s explore the top 20 SSL/TLS misconfigurations, the
Top 20 SSL/TLS Misconfigurations You Need to Avoid Read More »
If you’ve ever played with web servers, dug into browser dev tools, or optimized a website’s security and performance you’ve probably run into HTTP headers. Among the most common headers, we can find HSTS, used by almost 3500 of the top 10,000 websites in the world, according to the current data provided by Built With.
Security is more important than ever, new threats are emerging daily in the internet world. Have you ever wondered how web browsers protect your data integrity when you visit different websites? Meet Cross-Origin-Resource-Policy (CORP), a cool tool to secure your online data. Cross site requests are a big part of web security, especially in the
Cross-Origin-Resource-Policy (CORP) Configuration Guide Read More »
The internet can feel like a minefield sometimes, but features like Cross-Origin Resource Sharing (CORS) are here to make things safer and more reliable. Of course, even the best tools have their flaws. Did you know that a study of the top 1 million websites found that about 3.75% had CORS settings so loose they
CORS Headers: Cross-Origin Resource Sharing Configuration Guide Read More »
The Hidden Dangers of Security Misconfigurations Security misconfigurations are a leading cause of data breaches and cybersecurity incidents. According to IBM’s 2024 Cost of a Data Breach Report, misconfigurations, often categorized under IT failures and human error, contribute to nearly half of all breaches, with associated costs averaging $4.88 million per incident. In fact, Gitprotect
The Hidden Dangers of Security Misconfigurations Read More »
Despite its intricate name, this policy plays a key role in stopping security threats by regulating the incorporation of web resources into a page from external sources. COEP is a security feature that allows only reliable elements to access your website, which shields us against some potential vulnerabilities. Additionally, implementing headers that enable cross origin
Cross Origin Embedder Policy: An Essential Tool for Ensuring Web Security Read More »
Nowadays, the issue of online privacy has become a top priority for both internet users and developers. As we surf the web, we encounter many websites and applications that often request access to our personal information and our device’s resources. This has created a critical need to manage and control who and what can access
Permissions Policy HTTP Header: Configuration and Examples Read More »
