Michael Buckbee
14 Jun 2024
This week, we're discussing our new alert notification system, some tips on hardening your application against attack, and a new security course you might be interested in.
Google Analytics and every other analytics tool outright lie about the number of requests hitting your site.
They lie because they're made for marketers trying to figure out how to sell more widgets, not for developers and ops folks who are trying to defend against an onslaught of bots, scrapers, and internet weirdos.
Marketing analytics tools will "helpfully" filter out bots and attacks that severely misrepresent the true number of requests your site receives.
This is why we're happy to launch our new daily TrueTraffic* report for all Wafris users.
You can enable the daily report of the actual number of requests hitting the WAF protecting your site by checking the "Daily Report Email" under your User Profile on https://hub.wafris.org
Finding and blocking curl requests against your site can have a substantial positive impact 🙌
Often used for manual reconnaissance, probes, and vulnerability testing, snuffing out curl requests can push you off the list of potential sites an attacker will later release a bunch of bots on.
Our friend Greg Molnar has a pre-sale for his forthcoming "Security for Rails Developers" course.
Don't let the name fool you too much as many of the topics covered are relevant to any framework, things like:
Check it out at https://gregmolnar.gumroad.com/l/security-for-rails-developers - and use the code PRESALE
to get 35% off the launch price.
Start blocking traffic in 4 minutes or less