Advertisement
Preventing Common Security Vulnerabilities
Preventing Common Security Vulnerabilities
Preventing Common Security Vulnerabilities
Preventing Common Security Vulnerabilities
Preventing Common Security Vulnerabilities
Preventing Common Security Vulnerabilities
Preventing Common Security Vulnerabilities
Preventing Common Security Vulnerabilities
Preventing Common Security Vulnerabilities

Check these out next

Help test WordPress - developer edition
Help test WordPress - developer edition
Jonathan Bossenger
Interacting with the WP REST API
Interacting with the WP REST API
Jonathan Bossenger
Using the WP REST API
Using the WP REST API
Jonathan Bossenger
Let's code: extending the WP REST API - modifying responses
Let's code: extending the WP REST API - modifying responses
Jonathan Bossenger
Let's code! Converting a Shortcode into a Block
Let's code! Converting a Shortcode into a Block
Jonathan Bossenger
Using Block Patterns in your Block Theme.pptx
Using Block Patterns in your Block Theme.pptx
Jonathan Bossenger
The WordPress Request Lifecycle
The WordPress Request Lifecycle
Jonathan Bossenger
Developing Blocks without React - Part 1
Developing Blocks without React - Part 1
Jonathan Bossenger
1 of 9

Preventing Common Security Vulnerabilities

Mar. 2, 2023
Download to read offline
Technology

Earlier this year, we looked at the theory behind developing WordPress plugins and themes securely. We covered how to develop a security mindset, and the guiding principles of secure development, and looked at the five examples of these principles, Sanitizing Data, Validating Data, Escaping Data, Nonces, and User Roles and Capabilities. In this session, we will look at how these principles are applied in real-world examples, by understanding common security vulnerabilities, how they can be exploited by would-be attackers, and what you can do to prevent them.

Jonathan Bossenger
Code instructor/ex-developer at Automattic
Advertisement
Advertisement
Advertisement

Recommended

WordPress Plugin SecurityWordPress Plugin Security
WordPress Plugin SecurityJonathan Bossenger71 views9 slides
Debugging in WordPressDebugging in WordPress
Debugging in WordPressJonathan Bossenger13 views9 slides
Let's code: custom content & custom capabilitiesLet's code: custom content & custom capabilities
Let's code: custom content & custom capabilitiesJonathan Bossenger39 views9 slides
Developing for multisiteDeveloping for multisite
Developing for multisiteJonathan Bossenger89 views11 slides
Developing Blocks without React - Block Supports.pptxDeveloping Blocks without React - Block Supports.pptx
Developing Blocks without React - Block Supports.pptxJonathan Bossenger27 views9 slides
Let's code: developing WordPress User Roles and CapabilitiesLet's code: developing WordPress User Roles and Capabilities
Let's code: developing WordPress User Roles and CapabilitiesJonathan Bossenger43 views9 slides

More Related Content

Similar to Preventing Common Security Vulnerabilities(20)

Help test WordPress - developer editionHelp test WordPress - developer edition
Help test WordPress - developer edition
Jonathan Bossenger28 views
Interacting with the WP REST APIInteracting with the WP REST API
Interacting with the WP REST API
Jonathan Bossenger70 views
Using the WP REST APIUsing the WP REST API
Using the WP REST API
Jonathan Bossenger70 views
Let's code: extending the WP REST API - modifying responsesLet's code: extending the WP REST API - modifying responses
Let's code: extending the WP REST API - modifying responses
Jonathan Bossenger57 views
Let's code! Converting a Shortcode into a BlockLet's code! Converting a Shortcode into a Block
Let's code! Converting a Shortcode into a Block
Jonathan Bossenger19 views
Using Block Patterns in your Block Theme.pptxUsing Block Patterns in your Block Theme.pptx
Using Block Patterns in your Block Theme.pptx
Jonathan Bossenger23 views
The WordPress Request LifecycleThe WordPress Request Lifecycle
The WordPress Request Lifecycle
Jonathan Bossenger16 views
Developing Blocks without React - Part 1Developing Blocks without React - Part 1
Developing Blocks without React - Part 1
Jonathan Bossenger80 views
Developing Blocks without React - Controls.pptxDeveloping Blocks without React - Controls.pptx
Developing Blocks without React - Controls.pptx
Jonathan Bossenger23 views
Creating a WordPress multisite networkCreating a WordPress multisite network
Creating a WordPress multisite network
Jonathan Bossenger36 views
WordPress Coding StandardsWordPress Coding Standards
WordPress Coding Standards
Jonathan Bossenger47 views
Let's code! What Happens When You Make Theme ChangesLet's code! What Happens When You Make Theme Changes
Let's code! What Happens When You Make Theme Changes
Jonathan Bossenger16 views
Global Styles Variations in Block Themes.pptxGlobal Styles Variations in Block Themes.pptx
Global Styles Variations in Block Themes.pptx
Jonathan Bossenger29 views
Creating Custom Templates and Template PartsCreating Custom Templates and Template Parts
Creating Custom Templates and Template Parts
Jonathan Bossenger77 views
Let's code! Creating your Primary Templates in the Editor.pptxLet's code! Creating your Primary Templates in the Editor.pptx
Let's code! Creating your Primary Templates in the Editor.pptx
Jonathan Bossenger65 views
Developing Blocks without React - Part 2.pptxDeveloping Blocks without React - Part 2.pptx
Developing Blocks without React - Part 2.pptx
Jonathan Bossenger16 views
Developing Blocks without React - Attributes.pptxDeveloping Blocks without React - Attributes.pptx
Developing Blocks without React - Attributes.pptx
Jonathan Bossenger28 views
Developing Blocks without React - Part 2Developing Blocks without React - Part 2
Developing Blocks without React - Part 2
Jonathan Bossenger17 views
Let's code_ WP REST API - custom routes and endpoints.pptxLet's code_ WP REST API - custom routes and endpoints.pptx
Let's code_ WP REST API - custom routes and endpoints.pptx
Jonathan Bossenger41 views
Let's code! Diving into theme.jsonLet's code! Diving into theme.json
Let's code! Diving into theme.json
Jonathan Bossenger74 views

More from Jonathan Bossenger(14)

Managing a WordPress Multisite NetworkManaging a WordPress Multisite Network
Managing a WordPress Multisite Network
Jonathan Bossenger7 views
Introduction to WordPress Multisite NetworksIntroduction to WordPress Multisite Networks
Introduction to WordPress Multisite Networks
Jonathan Bossenger10 views
Custom Post Types and Capabilities.pptxCustom Post Types and Capabilities.pptx
Custom Post Types and Capabilities.pptx
Jonathan Bossenger22 views
Developing WordPress User Roles and CapabilitiesDeveloping WordPress User Roles and Capabilities
Developing WordPress User Roles and Capabilities
Jonathan Bossenger7 views
Extending WordPress: common security vulnerabilitiesExtending WordPress: common security vulnerabilities
Extending WordPress: common security vulnerabilities
Jonathan Bossenger9 views
WP REST API - custom routes and endpointsWP REST API - custom routes and endpoints
WP REST API - custom routes and endpoints
Jonathan Bossenger13 views
WP REST API - modifying responsesWP REST API - modifying responses
WP REST API - modifying responses
Jonathan Bossenger10 views
Interacting with the WordPress REST APIInteracting with the WordPress REST API
Interacting with the WordPress REST API
Jonathan Bossenger34 views
Using the WordPress REST APIUsing the WordPress REST API
Using the WordPress REST API
Jonathan Bossenger24 views
Introduction to securely developing pluginsIntroduction to securely developing plugins
Introduction to securely developing plugins
Jonathan Bossenger22 views
theme.json in classic themes.pptxtheme.json in classic themes.pptx
theme.json in classic themes.pptx
Jonathan Bossenger15 views
Introduction to theme.jsonIntroduction to theme.json
Introduction to theme.json
Jonathan Bossenger18 views
Create Block Theme - FontsCreate Block Theme - Fonts
Create Block Theme - Fonts
Jonathan Bossenger13 views
WordPress theme template tourWordPress theme template tour
WordPress theme template tour
Jonathan Bossenger24 views
Advertisement

Recently uploaded(20)

Ch 4.pdfCh 4.pdf
Ch 4.pdf
MuhammadAsif10690 views
Tuning Traditional Language Processing Approaches for Pashto Text ClassificationTuning Traditional Language Processing Approaches for Pashto Text Classification
Tuning Traditional Language Processing Approaches for Pashto Text Classification
kevig0 views
Causal Repair of Learning-Enabled Cyber-physical SystemsCausal Repair of Learning-Enabled Cyber-physical Systems
Causal Repair of Learning-Enabled Cyber-physical Systems
Ivan Ruchkin0 views
TenT-Day02.pptxTenT-Day02.pptx
TenT-Day02.pptx
JohanMyburgh150 views
GCP LBGCP LB
GCP LB
Rachmat Hidayat0 views
OpenACC and Open Hackathons Monthly Highlights May 2023.pdfOpenACC and Open Hackathons Monthly Highlights May 2023.pdf
OpenACC and Open Hackathons Monthly Highlights May 2023.pdf
OpenACC0 views
Low code platforms in insurance industry - omnepresent technologies.pdfLow code platforms in insurance industry - omnepresent technologies.pdf
Low code platforms in insurance industry - omnepresent technologies.pdf
OmnePresentTechnolog10 views
EMA Policy 0070 Relaunch - Changes and how GenInvo can helpEMA Policy 0070 Relaunch - Changes and how GenInvo can help
EMA Policy 0070 Relaunch - Changes and how GenInvo can help
geninvomarketing0 views
Ammonia Gas removal in Fertilizer Industry Control Room Ventilation: A Case S...Ammonia Gas removal in Fertilizer Industry Control Room Ventilation: A Case S...
Ammonia Gas removal in Fertilizer Industry Control Room Ventilation: A Case S...
Aqozatechh0 views
Ch 2.pdfCh 2.pdf
Ch 2.pdf
MuhammadAsif10690 views
Ch 3.pdfCh 3.pdf
Ch 3.pdf
MuhammadAsif10690 views
UNIT 2 DATA WAREHOUSING AND DATA MINING PRESENTATION.pptxUNIT 2 DATA WAREHOUSING AND DATA MINING PRESENTATION.pptx
UNIT 2 DATA WAREHOUSING AND DATA MINING PRESENTATION.pptx
shruthisweety40 views
Electron Transport .pptxElectron Transport .pptx
Electron Transport .pptx
RadioactiveMainakMon0 views
What is Philosophy in Technology?What is Philosophy in Technology?
What is Philosophy in Technology?
Roman Krzanowski0 views
Ch 1.pdfCh 1.pdf
Ch 1.pdf
MuhammadAsif10690 views
Top 6 Cloud Service Providers.pdfTop 6 Cloud Service Providers.pdf
Top 6 Cloud Service Providers.pdf
SatawareTechnologies60 views
From Project to Product: Leaders, Here's What It Means to YouFrom Project to Product: Leaders, Here's What It Means to You
From Project to Product: Leaders, Here's What It Means to You
Cprime0 views
Technology-Startup-Presentation-Template.pptxTechnology-Startup-Presentation-Template.pptx
Technology-Startup-Presentation-Template.pptx
j s adarsh kumar0 views
TenT-Day08.pptxTenT-Day08.pptx
TenT-Day08.pptx
JohanMyburgh150 views
AlamofirebyJun.pdfAlamofirebyJun.pdf
AlamofirebyJun.pdf
JUNSHIN80 views

Preventing Common Security Vulnerabilities

  1. Jonathan Bossenger Let’s Code Learn.WordPress.org Preventing Common Security Vulnerabilities
  2. 2 👋🏽 Welcome! As you join, please make sure you have your local development environment ready: • A local WordPress installation • A code editor like VSCode or Sublime • An insecure plugin • https://github.com/jonathanbossenger/wp- learn-plugin- security/releases/download/1.0.0/wp-learn- plugin-security.1.0.0.zip Then, let everyone know in the chat where you’re joining us from… Hello! ○ My name is Jonathan Bossenger ○ From Cape Town, South Africa ○ Developer educator at Automattic ○ Sponsored to work with the Training Team ○ jonathanbossenger.com
  3. Learn.WordPress.org Let's code! Preventing Common Security Vulnerabilities Jonathan Bossenger
  4. Announcements ○ Welcome, and thanks for joining! ○ Please let me know if you can’t see this slide! ○ We are presenting in focus mode, but please feel free to enable your video. ○ You are welcome to ask questions. ○ You are welcome to post questions in the chat, or unmute to ask questions.
  5. Announcements ○ Make sure your local install is ready ○ https://github.com/jonathanbossenger/wp-learn-plugin- security/releases/download/1.0.0/wp-learn-plugin-security.1.0.0.zip ○ If I am going too fast, please let me know! ○ We will be posting this session to https://wordpress.tv/ afterwards ○ For more WordPress focused content please visit https://learn.wordpress.org/
  6. Learning Outcomes 1. Review common vulnerabilities - OWASP 2. Preventing common vulnerabilities • SQL Injection • Cross Site Scripting (XSS) • Cross-site Request Forgery (CSRF) • Broken Access Control 3. Bonus round 4. Where to go to learn more
  7. Objectives 1 1. Setup and review the insecure plugin 2. Prevent any possible SQL injections 3. Prevent any possible XSS vulnerabilities 4. Prevent any possible CSRF vulnerabilities 5. Find the bonus security vulnerability 7
  8. 8 Let’s code.
  9. Resources ○ https://github.com/jonathanbossenger/wp-learn-plugin-security/releases/download/1.0.0/wp-learn- plugin-security.1.0.0.zip ○ https://developer.wordpress.org/plugins/security/ ○ https://developer.wordpress.org/apis/security/ ○ https://owasp.org/www-project-top-ten/

Editor's Notes

  1. TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.
Advertisement