Updated: March 27, 2020 by Oliver Sild
WebARX has helped to prevent millions of attacks on the web. Since we have helped web developers and digital agencies offer more secure web development services, we have learned and seen that there is a problem that needs a much deeper focus. It’s the problem of component security.
We have the capacity to help with the component security problem on a wide scale and to save an uncountable amount of time and money lost to incidents that could be avoided.
What is component security in websites?
Components are all the different pieces of code that make up your website.
For example, if you own a WordPress site, you’re probably using many components, such as the CMS (WordPress Core), plugins and themes. Most of them are built by someone else, so you rely on their experience and coding skills, and trust that what they have built is safe and secure.
Third-party components, such as plugins and themes, account for 98% of the security issues in the WordPress ecosystem.
We’re clearly seeing the direction towards which the industry is moving. Getting into web development is easier than ever with tools such as page-builders and modular content management systems (like WordPress) clearly dominating the presence on the web.
Our own data confirms that most infections and hacking incidents are in fact caused by outdated and vulnerable plugins, themes or other types of third-party code on the site.
Over the years of protecting websites, we have come to understand that what has made WebARX so efficient is our strong focus on providing a managed firewall with real-time virtual patches.
We’ve seen too many hardening techniques provide questionable value, and sometimes they make no difference at all when a website is vulnerable due to a flawed component.
It’s not just a problem with WordPress. Based on different studies, some claim that as much as 85% of the code in the average web application comes from third-party components.
In most cases, that means that the security of your website depends on the coding experience of people you have never met.
By setting our sails to take a deep-dive into solving only one very specific problem, we see the opportunity to make a much greater impact on web security as a whole.
While you’ve seen us building WebARX, doing globally recognized vulnerability research and spreading awareness through our threat data, we’ve been very busy in the background working on something big.
We have been beta testing the first-ever bug bounty platform for open-source web app components. The aim of the platform is to create a large community of ethical hackers to find vulnerabilities within the plugins and components you use.
The platform will allow us to help plugin developers to detect and fix the vulnerabilities within their code early on.
Connecting it with WebARX provides an unmatched threat feed to protect our customers’ websites from the vast attack surface caused by third-party components in real-time.
Over the upcoming months, you will see WebARX moving rapidly towards better component vulnerability detection and prevention. You will see a central view of plugins and will have security statistics of the components combined from all your sites (some surprises await you as well).
Stay tuned for updates and news soon. Make sure you join our Facebook community.
You will see us investing in integrations this year to make WebARX connect with the software you already use, many of which will come with deeper partnerships.
Thanks to the sharper focus, we can offer highly detailed and complete integrations to enable web developers, digital agencies and even cloud hosting providers to protect their customers with ease.
If you’re interested in specific integrations or would be excited to have our value transferred to your customers through a strategic partnership, please write to us.
Keep in mind that we have an integrations pipeline queued, so depending on the partnership or integration you propose, it might take some time for us to work on it.
What will happen to the features and functionality that we currently provide, but which are not addressing the third-party component security issue?
Focus comes at a cost, so we have reprioritized our internal product roadmap and are discontinuing the development of some features: those that have drifted too far away from our core focus.
Unfortunately, some good examples of such features would be WordPress backups and uptime monitoring.
We will definitely let you know when the time comes and make sure to recommend good alternatives for those who currently rely on any of the discontinued WebARX features.
While we’re already spreading the security awareness through our vulnerability research and via talks and podcasts, we will take it even further. We will open free resources to learn web security for web professionals, freelancers, and agencies.
There are a lot of myths, false advertising, and misconceptions when it comes to website security. It’s still common for most website owners to think that their site is not even attractive to hackers and therefore it won’t be targeted.
We will have an open knowledge-base with videos and resources, which you can complete fully as a curriculum to be recognized as a responsible web professional and service provider. You can also link to the resources whenever you need help explaining security to your customers.
We won’t be alone in this: you will see many known professionals and familiar faces, making it an exceptional source to learn from.
Hopefully, together we can secure the whole web one website at a time!