TRUE | MANAGED HOSTING ATTACKING WORDPRESS LOOKING BACK Presenter Eddie Bijnen Security Engineer

20160430.3 True presentatie - concept · ATTACKING WORDPRESS TRUE | MANAGED HOSTING Security engineer¿?!! Penetration testing Developing security solutions Tracking down hacks

Sep 04, 2020

Transcript
Page 1:

TRUE | MANAGED HOSTING

ATTACKING WORDPRESS

LOOKING BACK

Presenter: Eddie Bijnen, Security Engineer

Page 2:

Security engineer¿?!!

Penetration testing

Developing security solutions

Tracking down hacks

Abuse reports

Page 3:

My website isn’t that interesting

Page 4:

My website isn’t that interesting

DDoS

Cryptocoin-mining

Spam

Ransom

Page 5:

Admin Panel Available

https://www.my-website.nl

/wp-login.php

Unlimited login attempts

Lack of HTTPS

Page 6:

Password Reuse

Myspace

LinkedIn

Adobe

Dropbox

220+ other websites

Page 7:

I'm In, Now What?

A valid admin is by default allowed to change files on disk.

Page 8:

Backdoor in pirated software

Page 9:

I know what you didn’t do last summer

Page 10:

Vulnerable Plugins

Page 11:

What are the risks


“Meldplicht” (mandatory data breach notification) and a possible fine from the Dutch Autoriteit Persoonsgegevens

Brand reputation

Additional data cost

Blacklisting of domains

Page 12:

https://haveibeenpwned.com/

https://premium.wpmudev.org/wp-checkup/

https://premium.wpmudev.org/blog/ultimate-wordpress-security-checklist/


Homework & Questions