Download to read offline
Uploaded byJonathan Bossenger
Preventing CSRF Security Vulnerabilities.pptx
The document is an introductory session led by Jonathan Bossenger focused on preventing CSRF security vulnerabilities in WordPress. Participants are encouraged to prepare their local development environment and engage in discussions throughout the session. It provides a recap of previous vulnerabilities and outlines learning objectives related to protecting against CSRF using nonces.
More Related Content
Similar to Preventing CSRF Security Vulnerabilities.pptx
More from Jonathan Bossenger
Preventing CSRF Security Vulnerabilities.pptx
- 1. Jonathan Bossenger Let’s Code Learn.WordPress.org PreventingCSRF Security Vulnerabilities
- 2. 2 👋🏽 Welcome! As you join,please make sure you have your local development environment ready: • A local WordPress installation • A code editor like VSCode or Sublime • An insecure plugin • https://github.com/jonathanbossenger/wp- learn-plugin-security/releases/download/1.0.2- beta/wp-learn-plugin-security.1.0.2-beta.zip Then, let everyone know in the chat where you’re joining us from… Hello! ○ My name is Jonathan Bossenger ○ From Cape Town, South Africa ○ Developer educator at Automattic ○ Sponsored to work with the Training Team ○ jonathanbossenger.com
- 3.
- 4. Announcements ○ Welcome, andthanks for joining! ○ Please let me know if you can’t see this slide! ○ We are presenting in focus mode, but please feel free to enable your video. ○ You are welcome to ask questions. ○ You are welcome to post questions in the chat, or unmute to ask questions.
- 5. Announcements ○ Make sureyour local install is ready ○ https://github.com/jonathanbossenger/wp-learn-plugin- security/releases/download/1.0.2-beta/wp-learn-plugin-security.1.0.2-beta.zip ○ If I am going too fast, please let me know! ○ We will be posting this session to https://wordpress.tv/ afterwards ○ For more WordPress focused content please visit https://learn.wordpress.org/
- 6. Learning Outcomes 1. Recapvulnerabilities from previous session • SQL Injection • Cross Site Scripting (XSS) • Broken Access Control 2. Preventing Cross-site Request Forgery (CSRF) vulnerabilities using nonces • Adding nonces to forms, form submissions • Adding nonces to async requests 3. Where to go to learn more
- 7. Objectives 1 1. Setupand review the insecure plugin 2. Recap the SQL injection prevention 3. Recap the XSS vulnerabilities 4. Recap the Broken Access Control vulnerabilities 5. Prevent any possible CSRF vulnerabilities 6. Find the bonus security vulnerability 7
- 8.
- 9. Resources ○ https://github.com/jonathanbossenger/wp-learn-plugin-security/releases/download/1.0.2- beta/wp-learn-plugin-security.1.0.2-beta.zip ○ https://developer.wordpress.org/plugins/security/ ○https://developer.wordpress.org/apis/security/ ○ https://owasp.org/www-project-top-ten/ ○ https://wordpress.tv/2023/03/03/lets-code-preventing-common-security-vulnerabilities/ ○ https://portswigger.net/burp/communitydownload ○ https://developer.wordpress.org/apis/security/escaping/#escaping-with-localization ○ https://developer.wordpress.org/reference/functions/wp_nonce_field/
- 10. Resources ○ https://developer.wordpress.org/reference/functions/wp_verify_nonce/ ○ https://developer.wordpress.org/reference/functions/wp_create_nonce/ ○https://developer.wordpress.org/reference/functions/check_ajax_referer/ ○ https://developer.wordpress.org/reference/functions/wp_safe_redirect/
Editor's Notes
- #2 TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.