Snakes in a plugin - WordPress plugin security
Duncan Stuart @dgmstuart
Transcript of Snakes in a plugin - WordPress plugin security
@dgmstuart
“You can't defend. You can't prevent. The only thing you can do is detect and respond.” Bruce Schneier
You can’t trust the ‘from’ field
You can’t trust the address bar
The internet is a terrifying place
What did we learn?
It’s not unusual...
It’s the most common vulnerability
25% of plugins we review are unsafe
over 25% are conditionally safe
“I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually 'Nothing; you're screwed'” Bruce Schneier