Archives: Definitions
What is a TLS protocol?
TLS stands for Transport Layer Security. It is a protocol used to encrypt data that is transmitted over the internet. TLS is used to encrypt all kinds of transmissions, for example via FTP, email (IMAP and SMTP), and within the context of Really Simple SSL: securing the connection between the browser (client) and a website (server). TLS encryption is used to prevent exposure of the transmitted data, whether it be files, email messages or for example payment information or passwords. Nowadays when
What are Secure Cookies?
HTTP cookies are small packets of data stored in your browser. This data may contain sensitive information like passwords or user information and is therefore vulnerable to attacks. To limit vulnerability you can ‘secure’ your cookies by adding specific attributes to the set cookies, making them harder for outsiders to manipulate. Really Simple SSL uses the HttpOnly, secure and use_only_cookies parameters to make cookies more secure. Since Really Simple SSL helps you in securing your website by switching your site to
What are User Enumeration Attacks?
User Enumeration Attacks are techniques with the purpose of finding valid login credentials such as usernames. Although not directly a vulnerability, usernames that are standard or easy to detect automatically make it easier for attackers to launch brute-force authentication attacks. Security experts will commonly refer to hiding usernames as “Security by Obscurity”, which has a negative connotation. We however believe that any security measure that does not interfere with the functionality of your site while thwarting at least some automated
What is X-Content-Type-Options?
The X-Content-Type-Options header is usually used to help protect against certain types of attacks, such as drive-by downloads and cross-site scripting (XSS). Drive-by download attacks are executed especially on public forums or other sites with user-generated content. Malicious executable code is uploaded to the forums, disguised as regular images, PDFs, etc. By preventing MIME type sniffing, you can help to ensure that your website content is served with the correct MIME type, which can help to prevent these
What is X-Frame-Options?
X-Frame-Options is a security header that allows the website administrator to determine whether the site can be loaded in an iFrame. iFrames are commonly used to execute click-jacking attacks. During these attacks a malicious site loads the affected site in an iFrame, tricking site visitors into unintentionally clicking on buttons or links on the malicious site. The intention could be to download malware, to harvest likes for social pages or to gain access to credentials, personal data, etc. Options