PCI DSS 6.5.6

Information Leakage and Improper Error Handling

Information leakage and improper error handling happen when web applications do not limit the amount of information they return to their users. Web applications have the potential of leaking information about the version of web server (IIS, Apache, etc..) you are running, operating system, patch levels, and name and versions of web applications (PHP, SSL, SQL) your site may be utilizing. This in itself is an important lack of security, but showing detailed error bugs or debug code is as well.
Read the rest of this entry »

Tally Ho and Onward to 2010

2009 has proven to be a busy year of product development for Port80 Software, and we don’t see 2010 being any less productive. We have launched major upgrades and improvements in our tools such as added IIS 7/7.7 support to both CacheRight, our popular caching program, and LinkDeny, our easy to use anti-hotlinking tool.  We’ve also seen point upgrades filled with new features and usability improvements to httpZip, ServerMask, ZipEnable, and ServerDefenderAI.

The future looks bright at Port80 with a major httpZip update with IIS 7/7.5 and Windows 2008 support in early 2010. ServerDefenderVP, our new powerful Web Application Firewall is in its final shakedown as you read this.  By the time you are back to work it might be already out or very shortly after, in time for you to deal with your New Year’s resolution to really lock your Web site/application down.

We look forward to continuing to provide our customers with the professional tools they have come to expect and the device compatibly they can use. We wish all of our clients a happy holiday and a very productive and profitable New Year.

Thank you for your continued patronage.

From all of us at Port80

You Can’t Catch What You Can’t See

The importance of Web application firewalls

The front of your website can appear as calm as a lake surface, but underneath do you really know what kind of trouble is brewing? While your website is online it is being subjected to traffic; tons of traffic for some of you lucky ones, some legitimate, some suspect. The not-so-wanted traffic can include hackers and spammers who are trying to break through the defenses of your site to get to your server and then either corrupt or steal information from your databases. Read the rest of this entry »

Announcing SDVP Webinar Event

Port80 Software Product Webinar Event
Hosted by Thomas Powell, CEO, Port80 Software

Tuesday, July 14, 2009
10:00 – 11:00 am (pst)

Introducing ServerDefender VP

This (1) one hour informational webinar will include an in-depth overview of our powerful new IIS Web application firewall software. During this event you will be able to see ServerDefender VP in action and learn how this tool can work for your organizations’ Web security needs.

Contact Shannon (smccollough@port80software.com) today to reserve your spot for this event!

Have you been XSSed?

In his recent article on XSS vulnerabilities, Brian Krebs of the Washington Post reports that last year thousands of Web sites were cited for harboring security flaws that could be used to attack others online.

“At issue are sites that harbor so-called cross-site scripting (XSS) vulnerabilities, which occur when Web sites accept input from a user usually from something like a search box or e-mail form but do not prevent users from entering malicious code or other instructions.” Read the rest of this entry »