Astra Web Security Blog - Website & CMS Security News


WooCommerce Security Tips

Statistics from the Small Business Trends website show that 43 percent of cyber attacks target small businesses. As expected, the risks go up when businesses are banking on ecommerce solutions such as WooCommerce. This plugin is manageable, works seamlessly with WordPress, and is compatible with basic website optimization functions. It’s also free! The basic themes are, anyway. With all these…

Business logic, or application logic, is the core logic of your website. Business logic defines how data can be created, stored and modified. It consists of the features that are specific to your business and are usually developed for you. For example, e-commerce websites allow visitors to add products to a shopping cart and specify the quantity, delivery address, and payment information. The business logic…

OpenCart Magento Malware Infections

Last week was quite a busy one for our team. We tackled a number of website hack cases. Many of these were malware infections, websites getting blacklisted by Google, and even websites getting defaced by hackers. Statistically, the majority of these cases were from OpenCart, followed by Magento. The top three OpenCart & Magento malware infections/attack vectors found were: The…

Recently, we published an update on a severe Magento vulnerability which was released by the DefenceCode team. Soon after Bosko Stankovic (the Defensecode researcher who discovered this Magento vulnerability) released a follow-up article. Bosko confirms that Magento would be patching these in the upcoming updates. Through this article, Astra aims to explain the severity of these vulnerabilities, and how one needs to…

CSRF-All You Need to Know -Astra Security

Cross-Site Request Forgery (CSRF) is one of the most rampantly occurring online attacks. Also notoriously known as XSRF or “Sea-Surf”, it is listed as the 8th most common web application vulnerability in the 2017 OWASP Top 10 report on cyber-attacks. Understanding CSRF: the execution of a CSRF attack involves a malicious website sending a request to a web application via another, formerly authenticated…

Japanese Keyword Hack

Many website owners have contacted us worried about Japanese SEO Spam or the Japanese Keyword Hack in Google search results for their websites. This happens when different web pages are shown to search engines and to normal visitors. This particular Blackhat SEO technique hijacks Google search results by displaying Japanese words in the title and description of the infected pages.…

A variety of web applications employ database systems to provide backend functionality. A widely used language for querying, operating, and administering database systems is Structured Query Language (SQL). Owing to its rampant use in web applications globally, SQL-powered databases are easy and frequent targets for cyber-criminal acts, the severity of which depends solely on the intricacies of…

Magento Extension PDF Invoice Plus Vulnerability by Astra Magento Security

About the PDF Invoice Plus Magento Extension Vulnerability

A couple of weeks ago, our security team was performing a security audit on a customer store using Magento. While testing the extensions used by the customer, a critical vulnerability was found in the extension PDF Invoice Plus. This extension is used by hundreds of Magento stores to generate invoices…

Clickjacking - All You Need to Know

Often described as one of the most overlooked web vulnerabilities, clickjacking (also known as a UI redress attack) is a type of attack that tricks users into unwittingly clicking on nefarious links set up by the attacker. Once these links are clicked, the attacker is able to gather confidential information, compromise the user’s privacy, or make the user perform actions online…
