Explaining XSS and CSRF By Google

Came across this video earlier today and found it very informative – explaining the difference between XSS and CSRF (XSRF). I find that most people rarely understand or differentiate between the two so hopefully this video helps. It’s laid out in a very clear way.

If you’re looking to protect your website against attacks like this I’d recommend leveraging a Website Firewall.

Secure Your Traffic on Public WiFi’s


Often when I give talks on website security one of the various discussion points is, and rightfully so, around your individual posture when interacting on the web. This often means being aware of things like transferring your data insecurely over the … [Continue reading]

Sucuri Is Hiring!!

Please pass this on to your contacts, my company, Sucuri, is actively hiring. If you think you'd make a good fit please let us know. … [Continue reading]

WordPress Security – Learning From Hacks

This evening I will be giving a presentation at WordSesh at midnight PST (0800 UTC). Here is the presentation I plan to give. When the video is published I will share it as well. This goal of this presentation is to learn from hacks as … [Continue reading]

Forensics – Analyzing a WordPress Attack / Hack

Recently one of our honeypots was it by an attacker and in the process we were able to gather a bunch of good intelligence on the actions taken by the attacker. I write and detail the forensics of the attack in my latest post, Case Study: Analyzing a … [Continue reading]