Upgrade to Pro — share decks privately, control downloads, hide ads and more …

The Hacker's Black Magic

KR Moorhouse
July 06, 2017
Technology
0
250

The Hacker's Black Magic

Information. Your business is built on it. Your customers rely on it. The web is full of it. But how secure is that information?

To many of us, hackers are a faceless entity. An unknown threat using seemingly magical methods to steal away the information we all rely on.

This month, we take a quick look at what it looks like from the bad guys' perspective as your security is breached and your information is siphoned away to later be sold to the highest bidder. We'll examine a few of the most common attacks that target WordPress sites, including Brute Force, Cross Site Scripting, and SQL Injection.

Many of these can be easily defended against if you properly understand them, and our goal is to pull aside the curtain and reveal how these attacks work, so that you can better equip your WordPress site to handle them.

KR Moorhouse

July 06, 2017
Tweet

Other Decks in Technology

See All in Technology
ExaDB-D dbaascli で出来ること
oracle4engineer
PRO
0
2.1k
[新卒向け研修資料] テスト文字列に「うんこ」と入れるな(2024年版)
infiniteloop_inc
4
16k
開発パフォーマンスを最大化するための開発体制
ham0215
2
430
KubeConにproposalを送りたい人へのアドバイス
sat
PRO
3
260
Cracking the KubeCon CfP
inductor
2
250
Azureの基本的な権限管理の勉強会
yhana
0
580
LayerXにおけるLLMプロダクト開発の今までとこれから
layerx
PRO
1
360
Google Cloud Next '24 Recap(Cloud Run/k8s)
mokocm
0
230
Terraformあれやこれ/terraform-this-and-that
emiki
8
1.4k
地理空間データ可視化・解析・活用ソリューション Pacific Spatial Solutions (PSS)
pacificspatialsolutions
0
290
いつか使うかも貯金してたらめちゃめちゃ機能が増えてた話
riyaamemiya
0
250
Compose Compiler Metricsを使った実践的なコードレビュー
tomorrowkey
1
220

Featured

See All Featured
Building Adaptive Systems
keathley
31
1.9k
Music & Morning Musume
bryan
41
5.6k
Designing for Performance
lara
601
67k
JavaScript: Past, Present, and Future - NDC Porto 2020
reverentgeek
40
4.4k
Unsuck your backbone
ammeep
663
57k
Faster Mobile Websites
deanohume
299
30k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
241
1.2M
Writing Fast Ruby
sferik
621
60k
A Modern Web Designer's Workflow
chriscoyier
689
190k
Documentation Writing (for coders)
carmenintech
60
3.9k
Bash Introduction
62gerente
604
210k
What's in a price? How to price your products and services
michaelherold
237
11k

Transcript

  1. The Hacker’s Black Magic A look behind the curtain…

  2. Most Common WordPress Vulnerabilities: • SQL Injection • Brute Force

    Attacks • Cross Site Scripting (XSS)

  3. SQL Injection What is it? SQL Injection is a security

    exploit where the attacker adds SQL code to an input method, to gain access to resources or make changes to data.

  4. SELECT * FROM `wp_users` WHERE user_email = ‘$email’

  5. SELECT * FROM `wp_users` WHERE user_email = ‘[email protected]’ $email =

    [email protected]

  6. SELECT * FROM `wp_users` WHERE user_email = ‘x’ OR 1

    = 1 $email = x’ OR 1 = 1--

  7. SELECT * FROM `wp_users` WHERE user_email = ‘x’; DROP TABLE

    ‘wp_posts’; $email = x’; DROP TABLE ‘wp_posts’;--

  8. SELECT * FROM `wp_users` WHERE user_email = ‘x’; UPDATE `wp_users`

    SET user_email = ‘[email protected]’ WHERE user_login = ‘admin’; $email = x’; UPDATE `wp_users` SET user_email = ‘[email protected]’ WHERE user_login = ‘admin’;--

  9. Most Common WordPress Vulnerabilities: • SQL Injection • Brute Force

    Attacks • Cross Site Scripting (XSS)

  10. Brute Force Attack What is it? A Brute Force Attack

    is a trial-and-error method used to obtain information, such as a user password or personal identification number (PIN).

  11. Most Common WordPress Vulnerabilities: • SQL Injection • Brute Force

    Attacks • Cross Site Scripting (XSS)

  12. Cross Site Scripting What is it? Cross Site Scripting is

    a vulnerability that enables attackers to inject client-side scripts into web pages viewed by other users.
  13. None

  14. Takeaways • Remove the ‘admin’ user account • Setup two-factor

    authentication • Setup an account lockout • Know what’s on your site • Be aware of your plugins’ reliability