SitePoint Podcast #185: CSRF is the New SQL Injection




Summary: Episode 185 of The SitePoint Podcast is now available! This week we have 3/4 of the panel, Louis Simoneau (@rssaddict), Patrick O’Keefe (@ifroggy) and Kevin Dees (@kevindees).

Download this Episode

You can download this episode as a standalone MP3 file. Here’s the link: SitePoint Podcast #185: CSRF is the New SQL Injection (MP3, 47:38, 45.8MB)

Subscribe to the Podcast

The SitePoint Podcast is on iTunes! Add the SitePoint Podcast to your iTunes player. Or, if you don’t use iTunes, you can subscribe to the feed directly.

Episode Summary

The panel discuss topics such as Google’s new Disavow Links tool, the numbers of different security threats and where they come from, the new ReadWrite site and more!

Here are the main topics covered in this episode:

Cross-site Scripting Attacks Up 69% – Insider
ReadWrite – Editor’s Note: Welcome To The New ReadWrite
Google Launches Disavow Links Tool

Browse the full list of links referenced in the show at http://delicious.com/sitepointpodcast/185.

Host Spotlights

Louis: jq – A Lightweight and Flexible Command-line JSON Processor
Kevin: Debugging CSS Media Queries · Johan Brook
Patrick: Not Quite What the Doctor Ordered

Interview Transcript

Louis: Hello and welcome to another episode of The SitePoint Podcast. We’re back this week with a news and commentary show. With me are 2 of the regular panelists, Kevin Dees and Patrick O’Keefe. Hi, guys.

Kevin: Howdy, howdy.

Patrick: We’re back.

Louis: Yeah. It hasn’t been, you know, terribly long since you were here on the last show. Steven unfortunately is away this week. He’s sick. So we’ll hope he feels a little bit better and he can get back with us next time.

Kevin: Get well.

Louis: So let’s dive straight into this week’s news. Patrick, you had a couple of stories there.

Patrick: Yeah. I do have a couple of stories. So FireHost is a cloud hosting provider. They’re renowned for their secure cloud hosting and they really focus on security, and they have published the results of a statistical analysis of 15 million cyber attacks that were blocked from their servers in the U.S. and Europe during the 3rd quarter of 2012. What they found, I see they categorized the attacks into 4 different categories. Those were as follows: cross-site scripting, cross-site request forgery, directory traversal and SQL injection. Of those 4 categories, the cross-site scripting attacks far and away were the leader and, most importantly, they grew by an estimated 69%, those 2 types of attacks. Cross-site scripting represented 35%, cross-site request forgery 29%, directory traversal 24% and SQL injection was just 12%. If you don’t know what those are, you’re like me and you’re really a layman: the XSS attacks, the cross-site scripting attacks, involve a web application gathering malicious data from a user via a trusted site, often coming in the form of a hyperlink containing malicious content. Then the CSRF, or cross-site request forgery, attacks exploit the trust the user has for a particular site. Those 2 attacks are far and away the most prevalent; likewise, the United States was the most prevalent as far as the origination of the attacks. 74%, or 11 million, came from the US. There was a shift though with the 2nd place country, which in this quarter was Europe, or I shouldn’t say country, but Europe was 17% of all malicious attacks whereas Southern Asia was 6%. They have previously been the second place leader. This is the part where I just kick it over to you guys to talk about the importance of sanitizing and whatever words you use.

Louis: Yeah. Obviously, this is interesting in a few [...]