
Free control review · v0.1.0

Website Defacement Campaign — Control Review

An ongoing pattern of website defacements in which attackers replace site content to push a political or trophy message. It implies that the targeted CMS or web tier has unpatched vulnerabilities, weak admin credentials, or a missing WAF.

  • defacement target area
  • framework
  • 6 controls in this program
  • Mustafa Senior Reviewer

About this program

Threat context: Website Defacement Campaign

This program audits the controls that mitigate the above threat. Each procedure references one mapped control. Run the program to score your exposure.

Risks addressed

Controls (6)

  1. Web application firewall

    A web application firewall (WAF) is a security appliance or cloud service that inspects HTTP/HTTPS traffic between clients and web applications, blocking malicious requests based on signatures, behavioral analysis, and policy rules. The WAF filters common attack patterns including SQL…

  2. CMS patching and updates

    This control ensures that Content Management Systems (CMS) such as WordPress, Drupal, Joomla, and their associated plugins, themes, and core modules are systematically patched and updated to address known vulnerabilities. Organizations must maintain inventories of all CMS instances, track version…

  3. Input validation and output encoding

    Input validation and output encoding are complementary security controls that protect applications from injection attacks and data corruption. Input validation examines all user-supplied and external data against defined acceptance criteria (type, length, format, range) before processing, rejecting malformed or suspicious…

  4. File integrity monitoring

    File integrity monitoring (FIM) is a security control that tracks and alerts on unauthorized changes to critical system files, directories, binaries, configuration files, and application code. FIM tools create cryptographic hashes or checksums of baseline file states and continuously or…

  5. Geo-blocking on the web tier

    Geo-blocking at the web tier restricts inbound HTTP/HTTPS traffic based on the geographic origin of the request, typically identified by GeoIP mapping of the source IP address. This control is implemented using web application firewalls (WAF), content delivery networks (CDNs), reverse proxies,…

  6. Backup and rapid restore

    Backup and rapid restore controls ensure that critical data and system configurations are regularly copied to secure, independent storage and can be recovered quickly following data loss, corruption, ransomware encryption, or system failure. This involves automated backup scheduling, immutable or…
