Blog

Blog > Security

section.io adds Signal Sciences Web Protection Platform

Stewart McGrath | June 21, 2017 | Security

We are pleased to announce today that we have added the Signal Sciences Web Protection Platform to section.io’s modular content delivery grid. Both section.io and Signal Sciences focus on bringing security, agile practices, and DevOps workflows to enterprises that are tackling the shift to cloud and modern application deployment.

Read More

Top Security Threats to Ecommerce Websites

Roxana Elliott | June 06, 2017 | Security, E-commerce

In the past few years it’s seemed like there has been a new widespread security breach every other week. High profile incidents such as Heartbleed and WannaCry and hacks of notable entities including Sony Pictures and the Democratic National Committee have brought cyber security to the front of people’s minds. The magnitude of Distributed Denial of Service (DDoS) attacks has risen with the increased number of devices connecting to the internet, and as more of the population engages with these devices the risk of sensitive information being taken advantage of continues to rise.

Read More

Web Application Firewalls and the Future of Website Security

Roxana Elliott | May 03, 2017 | Security

Web application firewalls have been around for over 20 years, but recent advancements in how they block bad traffic and are managed by development teams encouraged us to take a look at the history of firewalls, WAFs, and where website security is heading.

Read More

The Challenge of Content Delivery for SAAS Companies

Roxana Elliott | March 21, 2017 | Performance, Security

Software as a Service or SAAS platforms are all over the Internet – they are pre-built services for companies that don’t want to create their own software for a specific need, and include job boards, online support systems, internal portals, and more. Many of these SAAS companies offer custom domains to their customers. This feature allows brands to use these services while maintaining their own brand identity. By “white-labelling” URLs, end-customers feel comfortable that they are staying within the ecosystem of the website they are on.

Read More

section.io and Recent Global CDN Security Concerns

CJ Brewer | February 24, 2017 | Security, CDNs 101

Summary of security issue raised In the past few days, vulnerability researchers at Google discovered Cloudflare’s reverse proxies were dumping uninitialized memory into their outputs, opening up websites that use Cloudflare to data leaks. This data included cookies, passwords, encryption keys, and even user’s private data from large sites that use Cloudflare.

Read More

How Scalability and Bots Impact Product Launches

Roxana Elliott | February 08, 2017 | Security, Performance, Marketing

Have you ever gone to an ecommerce site right as a highly anticipated launch was occurring and found yourself locked out or inventory immediately gone? Flash sales or new product launches can be both a blessing and curse for ecommerce sites: While they bring motivated visitors who are ready to purchase quickly, they can also be plagued by scalability issues, bots holding product up in shopping carts, and malicious traffic that aims to re-sell items on a third-party site such as eBay.

Read More

section.io adds Threat X, an Intelligent WAF

Roxana Elliott | February 01, 2017 | Security

Today we’re excited to announce that we have added Threat X, an intelligent Web Application Firewall, to section.io’s choice of reverse proxies. At section.io we’re committed to bringing you a choice of the best-in-class solutions for website performance and security. That’s why we let you choose which unmodified, open-source version of Varnish Cache works with your application, and now you have the choice between two WAFs: Threat X, which is a next-generation intelligent WAF backed by a team of security experts, and ModSecurity, a leading open-source WAF.

Read More

How Private-Public Key Encryption Keeps Data Safe

Roxana Elliott | January 11, 2017 | Security

You may have noticed that over the past few months more and more websites have started to use HTTPS, the secure version of the communications protocol HTTP, for all of their pages. In Google’s Chrome browser, sites not using HTTPS now include an “information” icon next to address which states “Your connection to this site is not secure. You should not enter any sensitive information on this site (for example, passwords or credit cards), because it could be stolen by attackers.”

Read More

The Varying Levels of DDoS Protection

Melissa Kilbourne | December 19, 2016 | CDNs 101, Security

A DDoS attack is a distributed denial of service attack. This means that an attack is coming from multiple places with a high volume of requests with the intent to bring your site down. With section.io we offer a few different levels of DDoS protection to our customers in the event of an attack.

Read More

Announcing the section.io Partner Program

Pete Jordan | December 01, 2016 | Performance, Security, Culture

section.io works with digital agencies, development shops, and hosting services to improve website performance and security

Read More

Debugging a secure website

Jason Stangroome | November 28, 2016 | Security

How to Debug an HTTPS Website As the Internet evolves with an ever increasing demand for security, websites are taking a full-HTTPS approach combined with additional features like Strict Transport Security (HSTS) and Public Key Pinning (HPKP). Websites adopting HTTP/2 for its performance benefits are also required to use HTTPS everywhere.

Read More

Free YXORP

Stewart McGrath | November 16, 2016 | Caching, Security, CDNs 101

This week, section.io is at the DeFrag Conference in Broomfield, Colorado, a technology conference that focuses on those at the core of every technology company: developers. section.io was founded by developers, for developers, and was built out of a frustration with the way Content Delivery Networks make it difficult for developers to easily drive and test the performance and security tools CDNs offer. At DeFrag we are launching our “Free YXORP” campaign, a movement to unleash the power of reverse proxies, which have long been held captive by Content Delivery Networks.

Read More

How to Be Ready for a Magento Security Incident

Jason Stangroome | November 14, 2016 | Magento, Security

A few weeks ago Magento published a very helpful article to their Security Center outlining the steps to follow after suffering a malware attack on your Magento site. It is a great resource to save away in case you ever find yourself in this situation, however, it is also beneficial to understand what exactly is involved so you can prepare now.

Read More

The section.io eBook on Optimizing your Magento Site for Performance

Roxana Elliott | October 04, 2016 | Magento, E-commerce, Performance, Security

Improve your ecommerce site with our eBook on performance and scalability for Magento In September we became a Magento Select Technology Partner, and for the past few weeks we’ve been hard at work compiling all our Magento knowledge so that merchants who want to improve their Magento site speed and scalability, get information on hosting for Magento, read about Magento cache options and more have a singular resource to turn to.

Read More

Web pages without HTTPS will be labelled insecure

Jason Stangroome | September 27, 2016 | Security

In case you missed it: Chrome to mark non-HTTPS pages insecure Google recently announced that in version 56 of their Chrome browser (expected in about 3 months) will change the address bar to clearly label websites served without HTTPS as “not secure” if the page contains a password or credit card input field.

Read More

section.io Introduces Community Forum

Stewart McGrath | September 22, 2016 | Performance, Security, CDNs 101

We’re pleased the introduce the section.io Community Forum, where section.io users and those looking for information about Content Delivery Networks, Varnish Cache, and general website performance and security enhancements can post and answer questions. Anyone can read questions by others on the Community Forum, and to ask your own questions sign up for a free section.io account.

Read More

Introducing Multiple SSL Certificates on section.io

Melissa Kilbourne | September 14, 2016 | Security

We’re pleased to annouce that section.io now supports multiple free SSL certificates if your website application uses multiple domains. The section.io platform can now create, manage, and renew a free SSL certificate for all the domains that use one section.io configuration, so you don’t have to worry about your SSL certificate expiring and your website becoming more vulnerable to attacks.

Read More

Varnish WAF Options

Daniel Bartholomew | September 07, 2016 | Varnish Cache, Security

It’s common that a modern web site will want the advantages of Varnish’s excellent programming model in tandem with a WAF.

Read More

Ensuring Your SSL Certificate is Setup on Magento

Stewart McGrath | August 30, 2016 | CDNs 101, Security, Magento

A Study of how Magento Websites use SSL for HTTPS Recently, section.io studied a random sample of around 330 websites running on Magento Enterprise, the leading eCommerce solution for large businesses.

Read More

The cost of HTTP 404 Page Not Found

Jason Stangroome | August 26, 2016 | Caching, Security, Performance, Varnish Cache

Reducing 404 error pages on your website Do you know how many resources are consumed by your origin web servers to determine that a requested URL is non-existent and render the Not Found response page? Many site owners cannot answer this question, and most of the time this is fine because a well-managed site will rarely need to serve a 404 under normal conditions.

Read More

Quick Analysis of ABS Census Outage

Stewart McGrath | August 09, 2016 | Security, Performance, Caching

As we know, millions of Australians have not been able to lodge their Census online as the ABS Census site is offline.

Read More

Announcing free hosted DNS

Melissa Kilbourne | June 22, 2016 | CDNs 101, Security, Performance

We have recently released two new features that make it easier to utilize section.io’s CDN for your website. There are two requirements to start serving traffic over section.io:

Read More

Announcing free Automated HTTPS Certificates

Melissa Kilbourne | June 22, 2016 | Security

We have recently released two new features that make it easier to utilize section.io’s CDN for your website. There are two requirements to start serving traffic over section.io:

Read More

Canonical bare domains and cookies

Jason Stangroome | June 21, 2016 | Varnish Cache, Caching, Security

Suppose you bought the domain name “example.com” for your website. Will your visitors enter www.example.com or just the bare domain example.com in their browser’s address bar to access your site?

Read More

Cross-site request forgery and caching

Jason Stangroome | June 13, 2016 | Caching, Security

As summarised by OWASP, Cross-Site Request Forgery (CSRF) is “an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated”.

Read More

A little help improving your website's transport security

Jason Stangroome | May 09, 2016 | Security

Ivan Ristic of Qualys blogged last year about a TLS Maturity Model, citing that “over time, … deploying TLS securely is getting more complicated, rather than less”.

Read More

ModSecurity for DDOS Attacks

Daniel Bartholomew | April 24, 2016 | Security

DDOS attacks come in many styles and target various layers of a system. It is increasingly common to see attacks targeted at Layer 7, where a surge of HTTP requests is made to your site.

Read More

Vanity Tracker Domain HTTPS with Pardot & Salesforce

Elijah Glover | April 15, 2016 | Marketing, Security

Most astute companies are using marketing automation software to help streamline their marketing message and increase sales results. Security and performance typically aren’t your first thoughts when setting up such systems and configuring vanity tracker domains.

Read More
Blog Categories

Interested in articles about a specific topic? Click on a category to see all related content.

section.io Sign up

Want to get started improving your website performance, scalability, and security? Sign up for a 14 day free trial of section.io and see what we can do for you!

Get started