Protecting Your Website: CloudFlare or Incapsula?

Truths Website Security

I get this question a lot whenever I talk with clients or give presentations: “How do I prevent my website from being hacked?” Many actually mistake the service we offer at Sucuri for a preventive service. Good thing we don’t advertise preventive services. That’s right, our service sits in the detection and remediation realm. By…


Spoofing an Admin’s Cookies Using Burp

Spoofing Cookies

Here is a quick little video I put together to show you how spoofing a user’s cookies works. This is not a real example; in most instances an application like Burp Suite would be used in conjunction with an XSS attack or some equivalent attack. The objective is to get someone with higher privileges to…


2012 NCSA / Symantec: National Small Business Cyber Security Study

Information About Website Security

The National Cyber Security Alliance (NCSA) partnered with Symantec to conduct an online safety survey of small to medium businesses. It was just released in October of 2012, and as surprising as some of the data points are, they really shouldn’t be. The total representative sample group was 1,015 US-based SMBs (250 employees or…


OSSEC Agent to Server Connection Issues

Website Servers

So naturally, as of late, I have found myself doing more than I probably need to on my servers and in the process causing more headaches than required. One of those issues has been with the communication between my agents and the mother-ship (command control) server with my OSSEC installs. For more detailed information, be…


Update WPSCAN using GIT on BackTrack 5R2

Website Security Expertise

So I have been playing with a number of tools lately and this was perhaps one of the easiest things I couldn’t figure out. Talk about having a “WTF” moment. If you’re curious, wpscan is a vulnerability scanner designed to pentest WordPress applications. It has a number of features that allow you to enumerate usernames, plugins, and…


Black Hole Exploit Kit 2.0 Released

Security Vulnerability

If you’re not aware, there are a number of kits available to crackers intent on causing your website harm. And NO, not all crackers are created equal. There are those that are developing and creating their own infections and then there are those that leverage the infections being developed. Today, one of the most prevalent kits…
