20160430.3 true presentatie - concept · attacking wordpress true | managed hosting security...
TRANSCRIPT
TRUE | MANAGED HOSTING
ATTACKING WORDPRESS
LOOKING BACK
Presenter: Eddie Bijnen, Security Engineer
Security engineer?!
Penetration testing
Developing security solutions
Tracking down hacks
Abuse reports
My website isn’t that interesting
DDoS
Cryptocoin-mining
Spam
Ransom
Admin Panel Available
https://www.my-website.nl
/wp-login.php
Unlimited login attempts
Lack of HTTPS
Password Reuse
Myspace
LinkedIn
Adobe
Dropbox
220+ other websites
I'm In, Now What?
A valid admin is by default allowed to change files on disk.
Backdoor in pirated software
I know what you didn’t do last summer
Vulnerable Plugins
What are the risks
“Meldplicht” (duty to report data breaches) and a possible fine from the Dutch Autoriteit Persoonsgegevens
Brand reputation
Additional data cost
Blacklisting of domains
https://haveibeenpwned.com/
https://premium.wpmudev.org/wp-checkup/
https://premium.wpmudev.org/blog/ultimate-wordpress-security-checklist/
Homework & Questions