Explaining XSS and CSRF By Google

By Tony Perez | June 25, 2014 |
XSS CSRF Software Vulnerabilities

Came across this video earlier today and found it very informative — explaining the difference between XSS and CSRF (XSRF). I find that most people rarely understand or differentiate between the two so hopefully this video helps. It’s laid out in a very clear way.

Read More

Secure Your Traffic on Public WiFi

By Tony Perez | May 5, 2014 |
Security on WiFi

Often when I give talks on website security one of the various discussion points is, and rightfully so, around your individual posture when interacting on the web. This often means being aware of things like transferring your data insecurely over the web. This insecure act is often achieved through the use public WifI access points…

Read More

Forensics: Analyzing a WordPress Attack / Hack

By Tony Perez | November 8, 2013 |
Analysis Website Security Hack

Recently one of our honeypots was it by an attacker and in the process we were able to gather a bunch of good intelligence on the actions taken by the attacker. I write and detail the forensics of the attack in my latest post, for Sucuri: Case Study: Analyzing a WordPress Attack – Dissecting the…

Read More

Analysis of Top 1 Million Domains

By Tony Perez | September 6, 2013 |
Analysis Top Websites

Over at Sucuri, our researchers have been having fun downloading the internet, in the process they found some interesting data… Also be sure to check out the blog post, Over 10 of Alexa Top Million Websites Are Not Safe, on the subject.

Read More

OSSEC – Detecting New Files – Understanding How it Works

By Tony Perez | July 27, 2013 |
Security

I recently saw some discussion in the OSSEC distribution list of someone having an issue with getting OSSEC syscheck to work right in real-time. It reminded me of a similar issue I had with my own configuration and others I have read about, so I figured I’d write something to shed light on how OSSEC’s…

Read More

Crazy April for the WordPress Platform

By Tony Perez | April 25, 2013 |
WordPress Security

In case you haven’t been following the month of April has been a bit of a whirlwind for website owners, specifically those using the WordPress platform. The good news is it’s motivated me to start writing again, not so much here but on our company blog. That being said, let me get you caught up…

Read More