Responsible Disclosure

How We Think About Security

As of late I seem to get into more and more discussions around this subject. I am fortunate enough to own a web security company which has grown in brand reputation to the point where when we disclose we often get a response, but that is not always the case. We go through the same…

Protecting Your Website: CloudFlare or Incapsula?

Truths Website Security

I get this question a lot whenever I talk with clients or give presentations: “How do I prevent my website from being hacked?” Many actually confuse the service we offer at Sucuri with a preventive service. Good thing we don’t advertise preventive services. That’s right, our service sits in the detection and remediation realm. By…

Spoofing an Admin’s Cookies Using Burp

Spoofing Cookies

Here is a quick little video I put together to show you how spoofing a user’s cookies works. This is not a real example; in most instances an application like Burp Suite would be used in conjunction with an XSS attack or some equivalent attack. The objective is to get someone with higher privileges to…

2012 NCSA / Symantec: National Small Business Cyber Security Study

Information About Website Security

The National Cyber Security Alliance (NCSA) partnered with Symantec to conduct an online safety survey of small to medium businesses. It was just released in October of 2012, and as surprising as some of the data points are, they really shouldn’t be. The total representative sample group was 1,015 US-based SMBs (250 employees or…

OSSEC Agent to Server Connection Issues

Website Servers

So naturally, as of late, I have found myself doing more than I probably need to on my servers and in the process causing more headaches than required. One of those issues has been with the communication between my agents and the mother-ship (command and control) server in my OSSEC installs. For more detailed information, be…

Update WPSCAN using GIT on BackTrack 5R2

Website Security Expertise

So I have been playing with a number of tools lately, and this was perhaps one of the easiest things I couldn’t figure out. Talk about having a “WTF” moment. If you’re curious, wpscan is a vulnerability scanner designed to pentest WordPress applications. It has a number of features that allow you to enumerate usernames, plugins, and…