Preventing Common Security Vulnerabilities
•Download as PPTX, PDF•
0 likes•52 views
Earlier this year, we looked at the theory behind developing WordPress plugins and themes securely. We covered how to develop a security mindset, and the guiding principles of secure development, and looked at the five examples of these principles, Sanitizing Data, Validating Data, Escaping Data, Nonces, and User Roles and Capabilities. In this session, we will look at how these principles are applied in real-world examples, by understanding common security vulnerabilities, how they can be exploited by would-be attackers, and what you can do to prevent them.
Recommended
Recommended
More Related Content
Similar to Preventing Common Security Vulnerabilities
Similar to Preventing Common Security Vulnerabilities (20)
More from Jonathan Bossenger
More from Jonathan Bossenger (15)
Recently uploaded
Recently uploaded (20)
Preventing Common Security Vulnerabilities
- 1. Jonathan Bossenger Let’s Code Learn.WordPress.org Preventing Common Security Vulnerabilities
- 2. 2 👋🏽 Welcome! As you join, please make sure you have your local development environment ready: • A local WordPress installation • A code editor like VSCode or Sublime • An insecure plugin • https://github.com/jonathanbossenger/wp- learn-plugin- security/releases/download/1.0.0/wp-learn- plugin-security.1.0.0.zip Then, let everyone know in the chat where you’re joining us from… Hello! ○ My name is Jonathan Bossenger ○ From Cape Town, South Africa ○ Developer educator at Automattic ○ Sponsored to work with the Training Team ○ jonathanbossenger.com
- 4. Announcements ○ Welcome, and thanks for joining! ○ Please let me know if you can’t see this slide! ○ We are presenting in focus mode, but please feel free to enable your video. ○ You are welcome to ask questions. ○ You are welcome to post questions in the chat, or unmute to ask questions.
- 5. Announcements ○ Make sure your local install is ready ○ https://github.com/jonathanbossenger/wp-learn-plugin- security/releases/download/1.0.0/wp-learn-plugin-security.1.0.0.zip ○ If I am going too fast, please let me know! ○ We will be posting this session to https://wordpress.tv/ afterwards ○ For more WordPress focused content please visit https://learn.wordpress.org/
- 6. Learning Outcomes 1. Review common vulnerabilities - OWASP 2. Preventing common vulnerabilities • SQL Injection • Cross Site Scripting (XSS) • Cross-site Request Forgery (CSRF) • Broken Access Control 3. Bonus round 4. Where to go to learn more
- 7. Objectives 1 1. Setup and review the insecure plugin 2. Prevent any possible SQL injections 3. Prevent any possible XSS vulnerabilities 4. Prevent any possible CSRF vulnerabilities 5. Find the bonus security vulnerability 7
- 9. Resources ○ https://github.com/jonathanbossenger/wp-learn-plugin-security/releases/download/1.0.0/wp-learn- plugin-security.1.0.0.zip ○ https://developer.wordpress.org/plugins/security/ ○ https://developer.wordpress.org/apis/security/ ○ https://owasp.org/www-project-top-ten/
Editor's Notes
- TITLE SLIDE: Make a copy of this presentation to your Google Drive, and edit to replace with your details.