Channel: Tony on Security »» Awareness
Browsing all 16 articles

Responsible Disclosure

As of late I seem to get into more and more discussions around this subject. I am fortunate enough to own a web security company which has grown in brand reputation to the point where when we disclose...




Analyzing Malware with REMnux by @hiddenillusion

Brief presentation walking you through the use of REMnux to analyze malware, unfortunately most of the presentation was captured in demonstrations and not fully captured in the presentation: For better...


Security Implications of WordPress in The Enterprise

My Chileno brother from another mother, Chris Lema, put out a great guest post on WPEngine yesterday talking about WordPress and the Enterprise. He talks to the how and why of its emergence in the...


Web Threats Are Real – Be Proactive

This post is really designed for my family and friends. I write it because in the business that I am in I get to see and hear the detrimental impact web-based threats have on people. I hear horror stories...


Protect Your Website Vulnerabilities With a WAF – New Comparison Report –...

A new report came out in February, put together by Zero Science Lab, in which they compare the effectiveness between CloudFlare and Incapsula. In it they did the same thing Philip Tibom of Sweden did...



WordCamp Miami 2013 – WordPress Website Security Presentation

I’ll be in Miami this weekend, April 5 – 7th, 2013, for WordCamp Miami. I’ll be giving a new, updated, talk on Website Security on Saturday. You should come by and say hi if you’re around. If you’re...


WordPress Website Security – WordSesh 2013

Here is an online presentation I gave at WordSesh 2013. Always weird when you give an online presentation, unable to gauge the crowd and respond accordingly. Look forward to your feedback.


Analysis of Top 1 Million Domains

Over at Sucuri, our researchers have been having fun downloading the internet, in the process they found some interesting data. Enjoy. Also be sure to check out the blog post on the subject.



WordPress Security – Learning From Hacks

This evening I will be giving a presentation at WordSesh at midnight PST (0800 UTC). Here is the presentation I plan to give. When the video is published I will share it as well. The goal of this...



Explaining XSS and CSRF By Google

Came across this video earlier today and found it very informative – explaining the difference between XSS and CSRF (XSRF). I find that most people rarely understand or differentiate between the two so...


The Dilemma that is WordPress Security

The past few weeks WordPress Security has come to the forefront of the discussion again, as it often does every few months. As is often the case, it’s highly emotional and generates a lot of...


Importance of Updates in Website Security – WordPress, Joomla, Drupal and CMS’s

In my recent post talking to the dilemma that is WordPress Security, there seemed to be some confusion as to my position on updates. Allow me a moment to provide clarity on the subject, yes, updates...


What’s wrong with your pa$$w0rd? – Lorrie Faith Cranor

The discussion on access control seems to be commonplace these days with the latest revelations news. Found this video on some research Lorrie is doing on the subject very interesting and insightful.



Accounting for Security in Website Projects

Many know very little about me, my past what I used to do, most just know me for my time in security. There was a time though that I spent as Project / Program Manager for a couple different...


How we Think About Website Security

I recently attended WordCamp San Francisco (WCSF) where Matt Mullenweg, founder of the WordPress project and CEO of Automattic, gave his annual State of the Word. WordCamps are informal,...


Website Security is about Passwords?

Perhaps the thing that annoys me the most when I hear security being shared with end-users is when they get the information wrong or overemphasize things they don’t understand or can’t support. This...
