Quality of WordPress Plug-Ins: An Overview of Security and User Ratings
Slides from my SocialCom-PASSAT/ 2012 presentation:
Teemu Koskinen, Petri Ihantola, Ville Karavirta (2012). Quality of WordPress Plug-Ins: An Overview of Security and User Ratings. In: SOCIALCOM-PASSAT ’12: Proceedings of the 2012 ASE/IEEE International Conference on Social Computing and 2012 ASE/IEEE International Conference on Privacy, Security, Risk and Trust. Washington, DC, USA: IEEE Computer Society, pp. 834–837. ISBN: 978-0-7695-4848-7.
doi: 10.1109/SocialCom-PASSAT.2012.31

Presentation Transcript

  • Teemu Koskinen, Petri Ihantola, and Ville Karavirta, Aalto University, Finland. Quality of WordPress Plug-Ins: An Overview of Security and User Ratings
  • The Problem: Do plugin ratings predict the amount of implementation-related vulnerabilities in WordPress plugins?
  • Data collection and analysis:
    1. Download a set of random plug-ins.
    2. Collect their download statistics and ratings from wordpress.org.
    3. Use the RIPS vulnerability scanner to detect potential vulnerabilities.
    4. Compare the number of potential vulnerabilities and vulnerability densities to the star ratings.
    We also reviewed some potential vulnerabilities to find out if those are real.
  • Preliminary Results: Sample of 322 plugins: total of 3,792,711 downloads; total of 2,783 user ratings; 179,393 lines of PHP code. 860 potential security bugs were discovered from 127 plugins.
  • Preliminary Results: 60.6% of the plug-ins were “clean”, and most of the others had only a few vulnerabilities.
  • Preliminary Results: 3,792,711 downloads and 2,783 ratings. Only 7 ratings/reviews for every 100 downloads.
  • Preliminary Results: Ratings are not good at explaining the amount or density of the vulnerabilities, although there is a weak negative correlation.
  • Preliminary Results: Light manual review revealed real problems from a popular (>4k downloads) plugin.
  • Conclusions: "Based on our findings, we are confident that there are real risks involved when using third-party plug-ins on a WordPress site. Many plug-ins appeared not to be vulnerable, but as the user ratings and download counts do not assist in finding secure plug-ins, proper inspection should be done by static analysis or manual review before using any plug-in on a WordPress site. The cost of software development and fast schedules in the industry make installing plug-ins an attractive solution, but we hope our findings encourage developers to take the time to inspect the code before using it."
  • Photo credits: http://www.flickr.com/photos/simonehudson/6101238497, http://www.flickr.com/photos/striatic/229531275/, http://www.flickr.com/photos/23950335@N07/6032357954, http://www.flickr.com/photos/kareneliot/2710464400, http://www.flickr.com/photos/21572939@N03/2090542246/. Ladybug photo © Kimmo Roimela, used with permission. Thank you!