Wordpress Plugins Scanner
Transcript

  • 1. Wordpress Plugins Scanner
      "To hack or not hack, that is the real question!"
      Avădănei Andrei, Founder & CEO DefCamp
      linkedin.com/in/andreiavadanei
      twitter.com/AndreiAvadanei
  • 2. Short bio
      ● Founder & CEO of DefCamp … and CTO (tech), CFO (financial), CMO (marketing), Sales Manager, Community Manager, Speaker, Team Coordinator :))
      ● Founder of the Cyber Security Research Center from Romania (CCSIR)
      ● Community manager @worldit.info
      ● Vice President at GREPIT
      ● Volunteer at BitDefender Romania
      ● ...
  • 3. Once upon a time..
      ● Somewhere on the www, HTML websites appeared (bullshit)
      ● Then web 2.0 websites took the spotlight
      ● + third-party plugins (hell yeah)
      ● It was a wonderful time full of innovation and peace (>:D<)
      ● Then came the hackers and seized a big opportunity
      ● But that is another story. >:)
  • 4. Third-party apps
      ● Some sort of crowd development
      ● A good idea, poorly implemented
      ● Used by everybody in different ways (Google, Facebook, Apple, WordPress, Joomla, vBulletin, Moodle ..)
      ● Usually there is no security test for apps before they are accepted into the market store
      ● And that is where all the magic starts
  • 5. Case study: WordPress
      ● 23,688 plugins
      ● 416,305,218 downloads
      ● and counting
      ● Not bad, right?
      ● If we cannot break into the core, let's hack its children
      ● And this is where WP Plugins Scanner comes in
  • 6. WP Plugins Scanner
      ● White box pentesting tool
      ● Hooked RIPS implemented
      ● You can download plugins from the WP directory
      ● You can build some sort of repository on your localhost
      ● Asynchronous scanning
      ● Soon:
          – target websites and enumerate their plugins
          – subversioning for plugins
          – auto-monitor updates
          – caching results
          – similar scanners for Joomla, vBulletin and others?
  • 7. Demo
  • 8. Questions? :-)
  • 9. Thanks!
      Avădănei Andrei, Founder & CEO DefCamp
      linkedin.com/in/andreiavadanei
      twitter.com/AndreiAvadanei
      github.com/CCSIR/WP-Plugins-Scanner