Update: New TrueTraffic Daily Reports

Michael Buckbee

14 Jun 2024

This week, we're discussing our new alert notification system, some tips on hardening your application against attack, and a new security course you might be interested in.

Product Updates

Google Analytics and every other analytics tool outright lie about the number of requests hitting your site.

They lie because they're made for marketers trying to figure out how to sell more widgets, not for developers and ops folks who are trying to defend against an onslaught of bots, scrapers, and internet weirdos.

Marketing analytics tools will "helpfully" filter out bots and attacks, which severely misrepresents the true number of requests your site receives.

This is why we're happy to launch our new daily TrueTraffic* report for all Wafris users.

You can enable the daily report of the actual number of requests hitting the WAF protecting your site by checking the "Daily Report Email" under your User Profile on https://hub.wafris.org

* I just made up the term "TrueTraffic" as I was writing this; it's not trademarked, so if you are building a distributed Web Application Firewall system and would like to use it in your product, please feel free.

Security Tip of the Week

Finding and blocking curl requests against your site can have a substantial positive impact 🙌

curl is often used for manual reconnaissance, probes, and vulnerability testing, so snuffing out curl requests can push you off the list of potential sites an attacker will later release a bunch of bots on.
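
One way to find and block these requests at the application layer, as an added example that is not Wafris code: a Rack-compatible middleware that rejects requests carrying curl's default User-Agent and counts them per client IP. The names `CurlGuard`, `allow_ips` and `blocked_counts` are hypothetical, and it assumes `REMOTE_ADDR` is the real client address (no proxy in front of the app).

```ruby
# Added example: plain Ruby, Rack calling convention, no gems required.
# CurlGuard, allow_ips and blocked_counts are hypothetical names.
class CurlGuard
  # curl's default User-Agent looks like "curl/8.4.0".
  CURL_UA = %r{\Acurl/\d}i

  attr_reader :blocked_counts

  def initialize(app, allow_ips: [])
    @app = app
    @allow_ips = allow_ips         # e.g. your own uptime checks that use curl
    @blocked_counts = Hash.new(0)  # client IP => number of blocked requests
  end

  def call(env)
    ua = env["HTTP_USER_AGENT"].to_s  # header may be absent; treat as empty
    ip = env["REMOTE_ADDR"].to_s      # assumption: not behind a proxy

    if ua.match?(CURL_UA) && !@allow_ips.include?(ip)
      @blocked_counts[ip] += 1
      return [403, { "content-type" => "text/plain" }, ["Forbidden\n"]]
    end

    @app.call(env)
  end
end

# Constructed sample requests (documentation-range IPs), run when executed directly.
if __FILE__ == $PROGRAM_NAME
  app   = ->(_env) { [200, { "content-type" => "text/plain" }, ["ok\n"]] }
  guard = CurlGuard.new(app, allow_ips: ["192.0.2.10"])

  [
    { "REMOTE_ADDR" => "203.0.113.7",  "HTTP_USER_AGENT" => "curl/8.4.0" },
    { "REMOTE_ADDR" => "203.0.113.7",  "HTTP_USER_AGENT" => "curl/7.88.1" },
    { "REMOTE_ADDR" => "192.0.2.10",   "HTTP_USER_AGENT" => "curl/8.4.0" },
    { "REMOTE_ADDR" => "198.51.100.3", "HTTP_USER_AGENT" => "Mozilla/5.0 (X11; Linux x86_64)" }
  ].each { |env| puts "#{env['REMOTE_ADDR']} -> #{guard.call(env).first}" }

  p guard.blocked_counts
end
```

The User-Agent header is client-supplied, so this filters clients that keep curl's default value; it is not an identity check. Review `blocked_counts` before enforcing so that your own scripts and monitors end up in `allow_ips`.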

Community Shout Out

Our friend Greg Molnar has a pre-sale for his forthcoming "Security for Rails Developers" course.

Don't let the name fool you too much: many of the topics covered are relevant to any framework, such as:

  • Information Disclosure
  • Business Logic Vulnerabilities
  • File Uploads
  • Unsafe Reflection
  • Logging and Monitoring
  • Secure Development Processes

Check it out at https://gregmolnar.gumroad.com/l/security-for-rails-developers - and use the code PRESALE to get 35% off the launch price.

Do this next

We're on a mission to better secure every web app on the internet. Here are some ways you can jump in:

1. Check out our Open Source Web Application Firewall

Wafris is the free open source WAF that you can use to understand and visualize the requests hitting your apps and then take steps to protect them. It's still in early development, but you can sign up for the waitlist to get early access at wafris.org

2. Investigate IP addresses with our IP Lookup service

Bad bots and probes hit sites within minutes of being put on the Internet. Sort the good from the bad by identifying request IPs as coming from bots, Tor networks, VPNs, proxies and malware hosts at wafris.org/ip-lookup

3. Anything else?

If you have any questions or need help finding the right way to handle web app security issues, please let us know at: help@wafris.org