Posts tagged "security":

Data Breaches: Common Threats and Vulnerabilities

4 min read

#Security

Data breaches are always big news. Understanding common security threats and malicious attacks is a big step toward avoiding negative publicity and preventing your business from grinding to a halt. This article reviews 3 of the most common security vulnerabilities: BYOD, Third-Party Vendors, and Malicious Intent.

Block User-Agents and Referers on NGINX or Apache

6 min read

#Apache #NGINX #Security

You may notice that some bots visit and scan your website aggressively, which wastes a lot of web server resources. Fortunately, it is possible to block those bots based on their user-agent string. This article goes in-depth on how to block specific user agents and referers on an NGINX or Apache web server.

A Simple Approach to Understanding JSON Web Tokens (JWT)

14 min read

#JSON #JWT #JWS #JWE #Node.js #base64 #Security

In this article, we will take a quick tour of the JWT and its capabilities. We will go over its structure and build a JWT from scratch. We will then explore its most common uses and talk about stateful (server-side) and stateless (client-side) sessions. Finally, we will end with a review of the cryptographic security features that make the JWT a staple in authorization workflows.

HTTP Strict Transport Security for NGINX and Apache

6 min read

#Apache #HSTS #HTTPS #NGINX #Security #SSL #TLS

This tutorial will show you how to set up HSTS in NGINX and Apache. It has been tested with NGINX 1.1.19 and Apache 2.2.22 on Ubuntu 12.04, Debian 6 & 7 and CentOS 6. However, these are just the referenced versions and it should work on other distributions as well.