#wpewebinar
February 15, 2017
ASK QUESTIONS AS WE GO
Use the “Questions” pane throughout the webinar. We’ll answer as many questions as we can after the presentation.
Slides and recording will be made available shortly after the webinar.
WHAT YOU’LL LEARN:
● What is OWASP?
● What are the OWASP Top Ten?
● How each might affect your website
● How to mitigate risks for each vulnerability
● Q&A
Justin Dailey, Security Engineer, WP Engine
● Background in HW and digital electronics
● Sports enthusiast
● Loves all things outdoors

Will West, Security Architect, WP Engine
● Made a gatling gun with sonar sensor
● 6’8” tall
● Does not play basketball
OWASP

The OWASP Top Ten
A1 Injection
A2 Weak authentication and session management
A3 XSS
A4 Insecure Direct Object References
A5 Security Misconfiguration
A6 Sensitive Data Exposure
A7 Missing Function Level Access Control
A8 Cross Site Request Forgery
A9 Using Components with Known Vulnerabilities
A10 Unvalidated Redirects and Forwards
Poll: Are you currently doing anything to secure your website against these Top 10 threats?

A1 Injection
Description
• Different types: SQL, LDAP, ORM, XML, XPath, Code Injection, Command Injection, Buffer Overflows
• Execution of unintended commands
• Unauthorized data access
Protections
• Enforce input type and length
• Ensure special characters are escaped
• Validate all input fields and use an input validation whitelist
• Avoid dynamic queries or commands
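The protections above in working form, as an added example that is not part of the slides or of WP Engine's code. It uses only the Python standard library: a constructed in-memory sqlite3 table (the table, users and roles are all made up for the example), a whitelist validator enforcing type, character set and length, and a dynamic (concatenated) query beside a parameterized one. The name O'Brien passes the whitelist and still breaks the dynamic query, which is the point: escaping and validation help, but only binding the value as data keeps it from changing the statement.

```python
import re
import sqlite3

# Constructed in-memory user table standing in for the application's database.
conn = sqlite3.connect(":memory:", check_same_thread=False)
conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
conn.executemany(
    "INSERT INTO users (username, role) VALUES (?, ?)",
    [("alice", "admin"), ("O'Brien", "editor"), ("carol", "subscriber")],
)

# Input validation whitelist: the characters a username may contain and its length.
# The apostrophe is deliberately allowed, because real names contain it.
USERNAME_RE = re.compile(r"[A-Za-z0-9'_-]{1,32}")


def validate_username(value):
    """Enforce type, character set and length before the value reaches any query."""
    if not isinstance(value, str) or not USERNAME_RE.fullmatch(value):
        raise ValueError("invalid username")
    return value


def lookup_role_dynamic(username):
    """Dynamic query built by string concatenation. The untrusted value becomes part
    of the SQL text, so a quote inside it changes the statement's structure."""
    sql = "SELECT role FROM users WHERE username = '" + validate_username(username) + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_role_parameterized(username):
    """Parameterized query: the value is bound as data and cannot alter the SQL."""
    row = conn.execute(
        "SELECT role FROM users WHERE username = ?", (validate_username(username),)
    ).fetchone()
    return row[0] if row else None


def dynamic_query_breaks(username):
    """True when the concatenated statement no longer parses, i.e. the data rewrote
    the SQL. The whitelist alone did not prevent it: O'Brien passes validation."""
    try:
        lookup_role_dynamic(username)
    except sqlite3.OperationalError:
        return True
    return False
```

The same pattern applies to LDAP, XPath or shell commands: validate at the boundary, then hand the value to an API that treats it as data (bound parameters, an argument vector) rather than splicing it into a string the interpreter will parse.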

A2 Weak authentication and session management
Description
• Attacks take advantage of improper authentication or session management practices
• Leads to access to sensitive information such as passwords, keys, or tokens
• Execution of privileged application functions
Protections
• Follow standard and recommended practices for user management and authentication
• Perform user and role validation on all actions
• Use secure session cookie flags
• Always use CSRF tokens with forms

A3 Cross Site Scripting (XSS)
Description
• An application places data from untrusted sources into site content without performing proper validation and/or escaping
• Allows client side script execution
• Can lead to compromised credentials and sessions, site defacement, and redirection to malicious sites
Protections
• Positive input validation using correct character set
• Sanitize input
• Output-encode all user data upon rendering
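An added example of the A3 protections (not code from the slides or from WP Engine), in Python with the standard library: a positive validator for a short field, and a comment template rendered once without and once with output encoding. The template, field names and sample comment are constructed for the example. The unsafe renderer lets markup in the comment body become part of the page; the safe one encodes each value at render time for the context it lands in (attribute value and element text), so the same input arrives as text.

```python
import html
import re

# Positive validation for a short field: letters, digits, space and a few name characters.
DISPLAY_NAME_RE = re.compile(r"[A-Za-z0-9 .'-]{1,40}")


def validate_display_name(value):
    """Reject, rather than 'clean', anything outside the allowed character set."""
    if not isinstance(value, str) or not DISPLAY_NAME_RE.fullmatch(value):
        raise ValueError("invalid display name")
    return value


def render_comment_unsafe(author, body):
    """Places untrusted data straight into the markup: any tags in body become part
    of the page, and a quote in author would close the attribute early."""
    return '<div class="comment" data-author="%s"><p>%s</p></div>' % (author, body)


def render_comment(author, body):
    """Output-encodes each value at render time for the context it lands in: a
    double-quoted attribute value and element text. html.escape(quote=True) turns
    ampersand, angle brackets and both quote characters into entities, so the data
    can never be read as markup."""
    return '<div class="comment" data-author="%s"><p>%s</p></div>' % (
        html.escape(author, quote=True),
        html.escape(body, quote=True),
    )


def count_tags(markup):
    """Number of HTML tags the browser will see in the rendered string."""
    return len(re.findall(r"<[A-Za-z/][^>]*>", markup))


# Constructed sample: a free-text comment body, which may legitimately contain
# characters that also have meaning in HTML.
SAMPLE_AUTHOR = "O'Neil"
SAMPLE_BODY = "<b>hello</b> & goodbye"
```

Encoding is context-specific: the HTML entity encoding shown here is right for element text and quoted attributes, but data placed into a URL, a JavaScript string or a CSS value needs the encoder for that context.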

A4 Insecure Direct Object References
Description
• Reference to an internal object such as a file, directory, or database key is exposed
• Leads to unauthorized data access directly or by manipulation
Protections
• Ensure access control checks are performed when using direct object references
• Use reference maps instead of direct reference such as IDs

A5 Security Misconfiguration
Description
• Insecure server or application configurations that allow unintended access to data or application functions
• Can be a result of naive configurations, default configurations, outdated software
Protections
• A repeatable and testable hardening process incorporating development, QA, and production
• Regular update and patching processes
• Periodic scans and audits

A6 Sensitive Data Exposure
Description
• Improper protection and/or encryption of sensitive data such as personally identifiable information, payment methods, and credentials
• Exposure can occur at rest or in transit
• Can lead to fraud, PR nightmares, and further exploitation
Protections
• Encrypt all sensitive data at rest and in transit
• Avoid storing sensitive data at all costs
• Use standard and modern cryptography and hashing algorithms
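One concrete instance of "standard and modern hashing" for the credentials case, added here as an example (not from the slides or WP Engine): password storage with PBKDF2-HMAC-SHA256 from the Python standard library, a random per-user salt, a self-describing record format so the work factor can be raised later, and constant-time comparison. The record format and iteration count are choices made for this example.

```python
import hashlib
import hmac
import os

# Work factor and salt size (assumed values for this example; raise the iteration
# count as your hardware allows).
ITERATIONS = 200_000
SALT_LEN = 16


def hash_password(password):
    """Return a self-describing record 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.
    A fresh random salt per user means equal passwords yield different records, so
    identical passwords cannot be spotted in a leaked table."""
    salt = os.urandom(SALT_LEN)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, record):
    """Recompute with the parameters stored in the record and compare in constant
    time. A malformed record is treated as a failed login, not as an error."""
    try:
        algo, iterations, salt_hex, hash_hex = record.split("$")
        if algo != "pbkdf2_sha256":
            return False
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
    except (ValueError, TypeError, AttributeError):
        return False
    return hmac.compare_digest(digest.hex(), hash_hex)
```

Because the iteration count travels with the record, old records keep verifying after the constant is raised, and a login that succeeds against an old record is the natural moment to rehash. Where a memory-hard function such as scrypt or Argon2 is available, prefer it; the record-format and constant-time-compare pattern stays the same.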

A7 Missing Function Level Access Control
Description
• Authentication verification is performed on the front end (UI) but is not properly performed on application functions
• Verification must be performed on all functions at all levels
• Allows unauthorized access to functions and data
Protections
• Perform validations client side AND server side
• Use explicit grants, deny by default
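An added example (not from the slides or WP Engine) that covers the A4 and A7 protections together, since both are server-side authorization checks on the same data: a per-session reference map that hands the client opaque random tokens instead of internal document IDs, an ownership check repeated at the point of use, and an explicit grant table consulted by every server-side function, with anything not listed denied. The documents, users, roles and function names are constructed for the example.

```python
import secrets

# Constructed data: documents with their owners, and the roles each user holds.
DOCUMENTS = {
    101: {"owner": "alice", "title": "Q1 plan"},
    102: {"owner": "bob", "title": "Payroll"},
}
ROLES = {"alice": {"editor"}, "bob": {"editor", "admin"}, "eve": {"editor"}}

# Explicit grants (A7): which roles may call which server-side function. A function
# with no entry is callable by nobody, whatever buttons the UI happens to show.
GRANTS = {
    "view_document": {"editor", "admin"},
    "delete_document": {"admin"},
}


class PermissionDenied(Exception):
    pass


def require_grant(function_name, user):
    """Function-level check, deny by default: the caller's roles must intersect the grant."""
    if not GRANTS.get(function_name, set()) & ROLES.get(user, set()):
        raise PermissionDenied("%s may not call %s" % (user, function_name))


class Session:
    """Per-session reference map (A4): the client only ever sees opaque random tokens,
    never internal IDs, and the map only holds records this user was allowed to reach."""

    def __init__(self, user):
        self.user = user
        self._refs = {}  # opaque token -> internal document id

    def reference_for(self, doc_id):
        if DOCUMENTS[doc_id]["owner"] != self.user:
            raise PermissionDenied("not the owner")
        token = secrets.token_urlsafe(16)
        self._refs[token] = doc_id
        return token

    def resolve(self, token):
        if token not in self._refs:
            raise PermissionDenied("unknown reference")
        return self._refs[token]


def view_document(session, token):
    require_grant("view_document", session.user)
    doc = DOCUMENTS[session.resolve(token)]
    # Object-level check repeated at the point of use: defence in depth.
    if doc["owner"] != session.user:
        raise PermissionDenied("not the owner")
    return doc["title"]


def delete_document(session, token):
    require_grant("delete_document", session.user)
    return DOCUMENTS.pop(session.resolve(token))["title"]


def denied(fn, *args):
    """True when the call is refused by an access control check."""
    try:
        fn(*args)
    except PermissionDenied:
        return True
    return False
```

A token minted in one session resolves to nothing in another, so guessing or reusing references across users yields a denial rather than someone else's record; and because the grant check sits inside the function rather than in the page that links to it, hiding a button in the UI is never the only thing standing between a user and the action.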

A8 Cross Site Request Forgery
Description
• An attack forcing a logged in victim’s browser to send a forged HTTP request which includes local session information
• Requests target vulnerable sites that do not perform proper request validation
Protections
• Include an unpredictable CSRF token in each HTTP request
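An added example (not from the slides or WP Engine) serving the A2 protections "use secure session cookie flags" and "always use CSRF tokens with forms" and the A8 protection above: a Set-Cookie value built with the Secure, HttpOnly and SameSite flags using Python's http.cookies, and a small server-side session store that issues an unpredictable per-session CSRF token and refuses a form POST that arrives with the cookie but without the token. The request shape (a dict with cookies and form fields) stands in for a framework request object and is constructed for the example.

```python
import hmac
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"


def session_cookie_header(session_id, max_age=3600):
    """Set-Cookie value for the session cookie with the flags the slides call for:
    Secure (HTTPS only), HttpOnly (not readable by page script), SameSite=Lax (not
    sent on cross-site POSTs), plus a bounded lifetime and an explicit path."""
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = session_id
    morsel = cookie[SESSION_COOKIE]
    morsel["secure"] = True
    morsel["httponly"] = True
    morsel["samesite"] = "Lax"
    morsel["max-age"] = max_age
    morsel["path"] = "/"
    return morsel.OutputString()


class SessionStore:
    """Server-side sessions keyed by an unpredictable id, each with its own CSRF token."""

    def __init__(self):
        self._sessions = {}  # session id -> {"user": ..., "csrf": ...}

    def create(self, user):
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
        return sid

    def csrf_token(self, sid):
        """Token to embed as a hidden field in every form rendered for this session."""
        return self._sessions[sid]["csrf"]

    def handle_form_post(self, request):
        """request is a constructed stand-in for a framework request: a dict with
        'cookies' and 'form'. The session id arrives in the cookie, which the browser
        attaches to any request for this site; the CSRF token must arrive in the form
        body, which only a form served by this site contains. Returns a status code."""
        sid = request.get("cookies", {}).get(SESSION_COOKIE)
        session = self._sessions.get(sid)
        if session is None:
            return 401
        submitted = str(request.get("form", {}).get("csrf_token", ""))
        expected = session["csrf"]
        if not hmac.compare_digest(submitted.encode("utf-8"), expected.encode("utf-8")):
            return 403
        return 200
```

SameSite=Lax already blocks most cross-site POSTs in current browsers, but the token check is what the slides ask for and it does not depend on browser behaviour, so keep both. The comparison uses hmac.compare_digest so that a wrong token takes the same time to reject as a nearly right one.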

A9 Using Components with Known Vulnerabilities
Description
• Known vulnerabilities in utilized libraries and frameworks can be exploited using readily available tools
• Can allow attackers to bypass security measures through exploitation
Protections
• Maintain awareness of the components and versions utilized by your application
• Monitor the security of these components via public notifications such as vulnerability mailing lists, etc.
• Establish and follow policies dictating what software components are acceptable to use

A10 Unvalidated Redirects and Forwards
Description
• Use of redirects and forwards with untrusted data determining the destination pages
• Redirection can be exploited to direct users to malicious sites performing phishing or malware distribution
Protections
• Avoid redirects and forwards if possible
• If they are used, do not include dynamic parameters in calculating the destination
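An added example (not from the slides or WP Engine) of the two A10 protections, in Python with the standard library. The preferred form follows the slide literally: the request carries a short name and the server owns the table of destinations, so no dynamic parameter feeds the redirect. The second function is for the case where a URL genuinely must be accepted from the request: it allows only a site-absolute path or an https URL whose host is on an allowlist, and falls back to a fixed default otherwise. The host names and destination table are constructed for the example.

```python
from urllib.parse import urlsplit, urlunsplit

DEFAULT_DESTINATION = "/"

# Preferred: the request names a destination; the server owns the table.
NAMED_DESTINATIONS = {"account": "/account", "help": "https://help.example.com/"}

# Constructed allowlist of hosts this site is willing to send users to.
ALLOWED_HOSTS = {"www.example.com", "help.example.com"}


def redirect_by_name(name):
    """Indirect redirect: unknown names go to the default, never to a caller-chosen URL."""
    return NAMED_DESTINATIONS.get(name, DEFAULT_DESTINATION)


def safe_redirect_target(candidate, allowed_hosts=ALLOWED_HOSTS):
    """Return a destination the app is willing to redirect to, or DEFAULT_DESTINATION.
    Accepts only (a) a site-absolute path or (b) an https URL with an allowlisted host."""
    if not isinstance(candidate, str) or not candidate:
        return DEFAULT_DESTINATION
    # Browsers treat a backslash like a forward slash in this position, so normalise
    # before parsing rather than letting the parser and the browser disagree.
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: must start with exactly one slash. A leading "//" would
        # be a scheme-relative URL to another host, which urlsplit reports as a netloc.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return DEFAULT_DESTINATION
    if parts.scheme.lower() != "https":
        return DEFAULT_DESTINATION
    host = (parts.hostname or "").lower()
    # Compare the parsed host, not a substring of the URL: userinfo before "@" or a
    # look-alike prefix must not be mistaken for an allowed host.
    if host not in allowed_hosts or parts.username is not None:
        return DEFAULT_DESTINATION
    return urlunsplit(("https", parts.netloc.lower(), parts.path or "/", parts.query, ""))
```

The allowlist is a set of exact host names, not a prefix or substring match, and the check runs on the parsed host rather than on the raw string; those two details are where most hand-written redirect validators go wrong.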

QUESTIONS AND ANSWERS
Slides and recording will be made available shortly after the webinar

RESOURCES
8 KEY SECURITY QUESTIONS YOUR HOSTING COMPANY SHOULD BE ABLE TO ANSWER
OWASP TOP 10 2013 PROJECT
OWASP VULNERABLE WEB APPLICATIONS DIRECTORY PROJECT
LIVE INTERVIEW WITH DAVID ENDLER OF MANIFEST ON WEB SECURITY
15 WAYS TO HARDEN THE SECURITY OF YOUR WORDPRESS SITE
RECORDED WEBINAR: TODAY’S WEBSITE SECURITY THREAT LANDSCAPE (FEATURING TONY PEREZ, SUCURI)

NEXT UP...
Register Now:
http://wpeng.in/
email
Wednesday, Feb 22
11:00 a.m. CST,
12:00 p.m. EST,
9:00 a.m. PST,
5:00 p.m. UTC/GMT

HELP US IMPROVE
THANK YOU
@wpengine
Modern Theming & The Future of WordPress- Working with Full Site Editing and ...WP Engine
 
6 WooCommerce Dev Tricks for Building Fast eCommerce Websites.pdf
6 WooCommerce Dev Tricks for Building Fast eCommerce Websites.pdf6 WooCommerce Dev Tricks for Building Fast eCommerce Websites.pdf
6 WooCommerce Dev Tricks for Building Fast eCommerce Websites.pdfWP Engine
 
Headless 101 for WordPress Developers.pdf
Headless 101 for WordPress Developers.pdfHeadless 101 for WordPress Developers.pdf
Headless 101 for WordPress Developers.pdfWP Engine
 
Be the Change: The Future of WordPress with WP Engine's Developer Relations Team
Be the Change: The Future of WordPress with WP Engine's Developer Relations TeamBe the Change: The Future of WordPress with WP Engine's Developer Relations Team
Be the Change: The Future of WordPress with WP Engine's Developer Relations TeamWP Engine
 
An Atlas of Atlas.pdf
An Atlas of Atlas.pdfAn Atlas of Atlas.pdf
An Atlas of Atlas.pdfWP Engine
 
2022 – Year of the WordPress Developer.pdf
2022 – Year of the WordPress Developer.pdf2022 – Year of the WordPress Developer.pdf
2022 – Year of the WordPress Developer.pdfWP Engine
 
Using WooCommerce to Scale Your Store
Using WooCommerce to Scale Your StoreUsing WooCommerce to Scale Your Store
Using WooCommerce to Scale Your StoreWP Engine
 

Mehr von WP Engine (20)

More Dev. Less Drama.pdf
More Dev. Less Drama.pdfMore Dev. Less Drama.pdf
More Dev. Less Drama.pdf
 
Why the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdfWhy the Edge Isn't an Edge Case.pdf
Why the Edge Isn't an Edge Case.pdf
 
Post eCommerce Site Launch- Optimizing Your Conversion Rate.pdf
Post eCommerce Site Launch- Optimizing Your Conversion Rate.pdfPost eCommerce Site Launch- Optimizing Your Conversion Rate.pdf
Post eCommerce Site Launch- Optimizing Your Conversion Rate.pdf
 
Demo - New Features for Atlas.pdf
Demo - New Features for Atlas.pdfDemo - New Features for Atlas.pdf
Demo - New Features for Atlas.pdf
 
Debunking The Myths of Migration.pdf
Debunking The Myths of Migration.pdfDebunking The Myths of Migration.pdf
Debunking The Myths of Migration.pdf
 
Keeping Your WordPress Sites Safe Amidst A Rise in Global Cyberattacks.pdf
Keeping Your WordPress Sites Safe Amidst A Rise in Global Cyberattacks.pdfKeeping Your WordPress Sites Safe Amidst A Rise in Global Cyberattacks.pdf
Keeping Your WordPress Sites Safe Amidst A Rise in Global Cyberattacks.pdf
 
Building WordPress eCommerce at Scale .pdf
Building WordPress eCommerce at Scale .pdfBuilding WordPress eCommerce at Scale .pdf
Building WordPress eCommerce at Scale .pdf
 
When to Choose Headless for Clients.pdf
When to Choose Headless for Clients.pdfWhen to Choose Headless for Clients.pdf
When to Choose Headless for Clients.pdf
 
Best Practices for Site Deployment With Local.pdf
Best Practices for Site Deployment With Local.pdfBest Practices for Site Deployment With Local.pdf
Best Practices for Site Deployment With Local.pdf
 
Site Monitoring: The Intersection of Product, UX Design & Research .pdf
Site Monitoring: The Intersection of Product, UX Design & Research .pdfSite Monitoring: The Intersection of Product, UX Design & Research .pdf
Site Monitoring: The Intersection of Product, UX Design & Research .pdf
 
Front End: Building Future-Proof eCommerce Sites.pdf
Front End: Building Future-Proof eCommerce Sites.pdfFront End: Building Future-Proof eCommerce Sites.pdf
Front End: Building Future-Proof eCommerce Sites.pdf
 
Gutenberg and Headless WordPress.pdf
Gutenberg and Headless WordPress.pdfGutenberg and Headless WordPress.pdf
Gutenberg and Headless WordPress.pdf
 
Blueprints and Other Local Features for Agencies.pdf
Blueprints and Other Local Features for Agencies.pdfBlueprints and Other Local Features for Agencies.pdf
Blueprints and Other Local Features for Agencies.pdf
 
Modern Theming & The Future of WordPress- Working with Full Site Editing and ...
Modern Theming & The Future of WordPress- Working with Full Site Editing and ...Modern Theming & The Future of WordPress- Working with Full Site Editing and ...
Modern Theming & The Future of WordPress- Working with Full Site Editing and ...
 
6 WooCommerce Dev Tricks for Building Fast eCommerce Websites.pdf
6 WooCommerce Dev Tricks for Building Fast eCommerce Websites.pdf6 WooCommerce Dev Tricks for Building Fast eCommerce Websites.pdf
6 WooCommerce Dev Tricks for Building Fast eCommerce Websites.pdf
 
Headless 101 for WordPress Developers.pdf
Headless 101 for WordPress Developers.pdfHeadless 101 for WordPress Developers.pdf
Headless 101 for WordPress Developers.pdf
 
Be the Change: The Future of WordPress with WP Engine's Developer Relations Team
Be the Change: The Future of WordPress with WP Engine's Developer Relations TeamBe the Change: The Future of WordPress with WP Engine's Developer Relations Team
Be the Change: The Future of WordPress with WP Engine's Developer Relations Team
 
An Atlas of Atlas.pdf
An Atlas of Atlas.pdfAn Atlas of Atlas.pdf
An Atlas of Atlas.pdf
 
2022 – Year of the WordPress Developer.pdf
2022 – Year of the WordPress Developer.pdf2022 – Year of the WordPress Developer.pdf
2022 – Year of the WordPress Developer.pdf
 
Using WooCommerce to Scale Your Store
Using WooCommerce to Scale Your StoreUsing WooCommerce to Scale Your Store
Using WooCommerce to Scale Your Store
 

Kürzlich hochgeladen

Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Paul Calvano
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Sonam Pathan
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一Fs
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Excelmac1
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhimiss dipika
 

Kürzlich hochgeladen (20)

Git and Github workshop GDSC MLRITM
Git and Github  workshop GDSC MLRITMGit and Github  workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24Font Performance - NYC WebPerf Meetup April '24
Font Performance - NYC WebPerf Meetup April '24
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170Call Girls Near The Suryaa Hotel New Delhi 9873777170
Call Girls Near The Suryaa Hotel New Delhi 9873777170
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in  Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in  Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
定制(AUT毕业证书)新西兰奥克兰理工大学毕业证成绩单原版一比一
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...Blepharitis inflammation of eyelid symptoms cause everything included along w...
Blepharitis inflammation of eyelid symptoms cause everything included along w...
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Contact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New DelhiContact Rya Baby for Call Girls New Delhi
Contact Rya Baby for Call Girls New Delhi
 

Security Webinar: Harden the Heart of Your WordPress Site

  • 10. A1 Injection
    Description
    • Different types: SQL, LDAP, ORM, XML, XPath, code injection, command injection, buffer overflows
    • Execution of unintended commands
    • Unauthorized data access
    Protections
    • Enforce input type and length
    • Ensure special characters are escaped
    • Validate all input fields and use an input validation whitelist
    • Avoid dynamic queries or commands; use parameterized queries (prepared statements) so that data can never become part of the command text
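The difference between a dynamic query and a parameterized one, as an added example that is not part of the webinar deck. It uses plain PHP with PDO and an in-memory SQLite database so it runs offline with php-cli; the table, rows and the `findUser*`/`listUsersSorted` functions are constructed for the demo. In WordPress code the same job is done by `$wpdb->prepare()`. The third function covers the case the whitelist bullet is really about: identifiers such as an ORDER BY column cannot be bound as parameters, so they must be checked against a fixed list instead.

```php
<?php
// Added example (not from the webinar): SQL injection through string
// concatenation versus a parameterized query, plus whitelisting of a value
// that cannot be bound as a parameter (an ORDER BY column).

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO users (username, email) VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// VULNERABLE: the attacker-controlled value becomes part of the SQL text, so a
// value such as  x' OR '1'='1  turns the WHERE clause into a tautology.
function findUserVulnerable(PDO $db, string $username): array {
    $sql = "SELECT id, username, email FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the value is bound as a parameter; it is compared as data and can
// never change the structure of the statement.
function findUserSafe(PDO $db, string $username): array {
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers (table and column names) cannot be bound, so validate them
// against a whitelist before they are interpolated.
function listUsersSorted(PDO $db, string $orderBy): array {
    $allowed = ['id', 'username', 'email'];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException('Unsupported sort column');
    }
    return $db->query("SELECT id, username FROM users ORDER BY $orderBy")->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed attacker input.
$payload = "x' OR '1'='1";

printf("vulnerable query returned %d row(s)\n", count(findUserVulnerable($db, $payload)));
printf("parameterized query returned %d row(s)\n", count(findUserSafe($db, $payload)));
printf("whitelisted sort: %s\n", json_encode(array_column(listUsersSorted($db, 'username'), 'username')));

try {
    listUsersSorted($db, 'username; DROP TABLE users');
} catch (InvalidArgumentException $e) {
    echo "rejected sort column: {$e->getMessage()}\n";
}
```

The vulnerable function matches every row for the tautology payload, while the parameterized one looks for a user literally named `x' OR '1'='1` and finds none. Escaping special characters (the second bullet) is a fallback for legacy code; prepared statements remove the problem rather than patching it.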
  • 11–12. A2 Weak authentication and session management
    Description
    • Attacks take advantage of improper authentication or session management practices
    • Leads to access to sensitive information such as passwords, keys, or tokens
    • Execution of privileged application functions
    Protections
    • Follow standard and recommended practices for user management and authentication
    • Perform user and role validation on all actions
    • Use secure session cookie flags (Secure, HttpOnly, SameSite)
    • Always use CSRF tokens with forms
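What "standard and recommended practice" looks like when written out, as an added example that is not from the deck and not WordPress core code (WordPress does this itself in `wp_hash_password()` and `wp_set_auth_cookie()`). The block is plain PHP: password storage with `password_hash()`, the session cookie flags from the slide, and rotating the session id on login so that a session fixation attempt does not survive authentication. The password values and user id are constructed for the demo; `hardenSessionCookie()` must run before `session_start()`.

```php
<?php
// Added example (not from the webinar): password storage and session
// hardening in plain PHP 7.3+.

// 1. Never store or compare plaintext passwords. password_hash() applies a
//    slow, salted algorithm (bcrypt by default, Argon2id where compiled in).
function storePassword(string $plaintext): string {
    return password_hash($plaintext, PASSWORD_DEFAULT);
}

// Verifies the password and reports whether the stored hash should be
// upgraded (e.g. the cost factor was raised) so it can be rehashed at login.
function checkPassword(string $plaintext, string $storedHash): array {
    $ok = password_verify($plaintext, $storedHash);
    return ['ok' => $ok, 'rehash' => $ok && password_needs_rehash($storedHash, PASSWORD_DEFAULT)];
}

// 2. Session cookie flags: HttpOnly (no JavaScript access), Secure (sent over
//    HTTPS only), SameSite=Lax (dropped from most cross-site POSTs), and no
//    parent-domain sharing. Strict mode refuses session ids the server never
//    issued, which is the direct defence against session fixation.
function hardenSessionCookie(): void {
    session_set_cookie_params([
        'lifetime' => 0,          // session cookie, discarded when the browser closes
        'path'     => '/',
        'domain'   => '',         // current host only
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');  // never accept the id from the URL
}

// 3. On successful login, rotate the session id so an id the attacker planted
//    before login is not promoted to an authenticated session.
function loginUser(int $userId): void {
    session_regenerate_id(true);
    $_SESSION['user_id']    = $userId;
    $_SESSION['login_time'] = time();
}

hardenSessionCookie();   // must precede session_start() in a real request

// Constructed walkthrough: one wrong attempt and one correct one. The failure
// message is deliberately generic so it does not reveal which part was wrong.
$hash = storePassword('correct horse battery staple');
foreach (['Tr0ub4dor&3', 'correct horse battery staple'] as $attempt) {
    $result = checkPassword($attempt, $hash);
    echo $result['ok'] ? "login ok" : "Invalid username or password";
    echo $result['rehash'] ? " (hash should be upgraded)\n" : "\n";
}
```

The fourth bullet on the slide, CSRF tokens, is a separate mechanism and is covered under A8 below.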
  • 13–14. A3 Cross Site Scripting (XSS)
    Description
    • An application places data from untrusted sources into site content without performing proper validation and/or escaping
    • Allows client-side script execution
    • Can lead to compromised credentials and sessions, site defacement, and redirection to malicious sites
    Protections
    • Positive input validation using the correct character set
    • Sanitize input
    • Output-encode all user data upon rendering, using the encoding for the context it lands in (HTML body, attribute value, URL, JavaScript)
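Context-aware output encoding, as an added example that is not from the deck. One encoder does not fit every context: the same untrusted string needs different treatment in an HTML body, a quoted attribute, a URL parameter and a JavaScript string literal, and a link target additionally needs a scheme check because escaping alone does not stop `javascript:` URLs. The block is plain PHP; WordPress exposes the same set as `esc_html()`, `esc_attr()`, `esc_url()` and `wp_json_encode()`. The `$untrusted` payload is constructed.

```php
<?php
// Added example (not from the webinar): one untrusted value rendered raw
// (vulnerable) and then correctly encoded for four different output contexts.

$untrusted = '"><script>alert(document.cookie)</script><a href="javascript:alert(1)';

// HTML body text and quoted attribute values: ENT_QUOTES neutralises both
// quote characters; the charset is stated explicitly.
function escHtml(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// URL query component: percent-encode, then HTML-escape again when the URL
// is placed inside markup (encodings nest, innermost context first).
function escUrlParam(string $s): string {
    return rawurlencode($s);
}

// A link href must be restricted to safe schemes before it is escaped.
function safeHref(string $url): string {
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    if ($scheme !== '' && !in_array($scheme, ['http', 'https', 'mailto'], true)) {
        return '#';
    }
    return escHtml($url);
}

// JavaScript string literal inside <script>: JSON-encode with the HEX flags so
// <, >, &, ' and " are all written as \uXXXX and "</script>" cannot close the block.
function escJs(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE);
}

// VULNERABLE: raw interpolation lets the payload close the attribute and
// start a <script> element.
$vulnerable = '<input value="' . $untrusted . '">';

// SAFE: the same input in four contexts, each with its own encoder.
$safe = '<input value="' . escHtml($untrusted) . '">' . "\n"
      . '<a href="/search?q=' . escHtml(escUrlParam($untrusted)) . '">search</a>' . "\n"
      . '<a href="' . safeHref('javascript:alert(1)') . '">profile</a>' . "\n"
      . '<script>var name = ' . escJs($untrusted) . ';</script>';

echo "Vulnerable markup:\n$vulnerable\n\nEncoded markup:\n$safe\n";
```

Input validation and sanitization (the first two bullets) reduce what reaches storage, but output encoding at render time is the control that actually prevents script execution, because stored data may have entered through a path that was never validated.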
  • 15–16. A4 Insecure Direct Object References
    Description
    • A reference to an internal object such as a file, directory, or database key is exposed
    • Leads to unauthorized data access, directly or by manipulating the reference
    Protections
    • Ensure access control checks are performed whenever a direct object reference is used
    • Use per-user or per-session reference maps instead of direct references such as database IDs
  • 17–18. A5 Security Misconfiguration
    Description
    • Insecure server or application configurations that allow unintended access to data or application functions
    • Can result from naive configurations, default configurations, or outdated software
    Protections
    • A repeatable and testable hardening process applied consistently across development, QA, and production
    • Regular update and patching processes
    • Periodic scans and audits
  • 19–20. A6 Sensitive Data Exposure
    Description
    • Improper protection and/or encryption of sensitive data such as personally identifiable information, payment methods, and credentials
    • Exposure can occur at rest or in transit
    • Can lead to fraud, PR nightmares, and further exploitation
    Protections
    • Encrypt all sensitive data at rest and in transit
    • Avoid storing sensitive data at all costs
    • Use standard, modern cryptography and password hashing algorithms; do not design your own
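Encrypting a sensitive field at rest with a standard authenticated cipher, as an added example that is not from the deck. It uses the libsodium extension bundled with PHP 7.2+ (`sodium_crypto_secretbox`, XSalsa20-Poly1305) and shows the property that distinguishes authenticated encryption from bare encryption: a tampered blob or a wrong key fails closed instead of returning garbage. The key handling is an assumption for the demo (a fresh key is generated; in production the 32-byte key comes from a secrets store or environment variable, never from the database or the web root), and the card-number-looking value is a constructed test string.

```php
<?php
// Added example (not from the webinar): authenticated encryption of a field
// at rest with libsodium, with tamper and wrong-key detection.

function loadKey(): string {
    // Demo assumption: generate a fresh key. Production code would load a
    // persisted key, e.g. base64_decode(getenv('APP_ENC_KEY')).
    return sodium_crypto_secretbox_keygen();
}

// Returns base64(nonce || ciphertext). A fresh random nonce per message is
// mandatory; reusing one under the same key breaks the cipher.
function encryptField(string $plaintext, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return base64_encode($nonce . sodium_crypto_secretbox($plaintext, $nonce, $key));
}

// Returns the plaintext, or null if the blob is truncated, was modified, or
// was encrypted under a different key (the Poly1305 tag does not verify).
function decryptField(string $blob, string $key): ?string {
    $raw = base64_decode($blob, true);
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $min) {
        return null;
    }
    $nonce      = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plaintext  = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    return $plaintext === false ? null : $plaintext;
}

$key    = loadKey();
$stored = encryptField('4111 1111 1111 1111', $key);   // constructed test value

echo "round trip: ";
var_dump(decryptField($stored, $key));

// Flip one bit of the stored blob: authentication fails and nothing is returned.
$raw = base64_decode($stored);
$last = strlen($raw) - 1;
$raw[$last] = chr(ord($raw[$last]) ^ 0x01);
echo "tampered:   ";
var_dump(decryptField(base64_encode($raw), $key));

// A different key also fails closed rather than yielding garbage.
echo "wrong key:  ";
var_dump(decryptField($stored, sodium_crypto_secretbox_keygen()));
```

Encryption at rest does not remove the second bullet's point: if the application can decrypt the field, an attacker who fully compromises the application can too, so the first question is still whether the data needs to be stored at all. Passwords are a separate case and are hashed, not encrypted, as in the A2 example.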
  • 21–22. A7 Missing Function Level Access Control
    Description
    • Authorization checks are performed in the front end (UI), for example by hiding links and buttons, but are not properly enforced on the server-side application functions themselves
    • Verification must be performed on all functions at all levels
    • Allows unauthorized access to functions and data
    Protections
    • Perform validations client side AND server side; only the server-side check is security-relevant, since the client is under the attacker's control
    • Use explicit grants, deny by default
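One handler that applies both the A4 and the A7 protections, as an added example that is not from the deck. Step 1 is function-level control (A7): every action is denied unless a capability has been explicitly granted to the caller's role. Step 2 resolves an opaque per-session token back to an internal record id through a reference map (A4), so database ids never appear in URLs. Step 3 is the object-level check (A4) that still runs even though the map only contains the caller's own records, because the map and the ownership rule may drift apart. Roles, users, invoices and the capability names are all constructed; in WordPress step 1 would be `current_user_can()` against its roles and capabilities.

```php
<?php
// Added example (not from the webinar): deny-by-default function-level
// authorization plus an indirect reference map and an ownership check.

const CAPABILITIES = [            // explicit grants; any role or action not listed is denied
    'admin'    => ['invoice:view', 'invoice:delete', 'user:list'],
    'customer' => ['invoice:view'],
];

// Constructed data store: invoices belong to a user id.
$invoices = [
    1001 => ['owner' => 7, 'total' => 120.00],
    1002 => ['owner' => 9, 'total' => 55.50],
];

function userCan(array $user, string $capability): bool {
    $caps   = CAPABILITIES;
    $grants = $caps[$user['role']] ?? [];    // unknown role => no grants at all
    return in_array($capability, $grants, true);
}

// Reference map: the client only ever sees random tokens, never database ids.
function buildReferenceMap(array &$session, array $ids): array {
    $session['refmap'] = [];
    foreach ($ids as $id) {
        $session['refmap'][bin2hex(random_bytes(8))] = $id;
    }
    return $session['refmap'];
}

function resolveReference(array $session, string $token): ?int {
    return $session['refmap'][$token] ?? null;   // unmapped token => null, never a guessable id
}

function handleInvoiceAction(array $user, array $session, string $action, string $token, array $invoices): string {
    // Step 1 (A7): function-level check, server side, deny by default.
    if (!userCan($user, "invoice:$action")) {
        return "403 forbidden: role {$user['role']} may not invoice:$action";
    }
    // Step 2 (A4): map the opaque token back to an internal id.
    $id = resolveReference($session, $token);
    if ($id === null || !isset($invoices[$id])) {
        return '404 not found';
    }
    // Step 3 (A4): even a valid id must belong to the caller unless the role
    // is allowed to act on anyone's records.
    if ($invoices[$id]['owner'] !== $user['id'] && $user['role'] !== 'admin') {
        return "403 forbidden: not the owner of invoice $id";
    }
    return "200 ok: $action invoice $id (total {$invoices[$id]['total']})";
}

// Constructed walkthrough: customer 7 views an invoice they own, then tries
// an action with no grant, then a token that was never issued to this session.
$customer = ['id' => 7, 'role' => 'customer'];
$session  = [];
$tokens   = array_keys(buildReferenceMap($session, [1001]));   // only the caller's invoices are mapped

echo handleInvoiceAction($customer, $session, 'view',   $tokens[0],         $invoices), "\n";
echo handleInvoiceAction($customer, $session, 'delete', $tokens[0],         $invoices), "\n";
echo handleInvoiceAction($customer, $session, 'view',   'deadbeefdeadbeef', $invoices), "\n";
```

Hiding the delete button in the UI for customers would change nothing here; the server-side grant table is what decides, which is the whole point of A7.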
  • 23–24. A8 Cross Site Request Forgery
    Description
    • An attack that forces a logged-in victim's browser to send a forged HTTP request, which the browser automatically completes with the victim's session cookie
    • Requests target vulnerable sites that do not perform proper request validation
    Protections
    • Include an unpredictable CSRF token in each state-changing HTTP request and verify it server side
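The synchronizer-token mechanics behind that single bullet, as an added example that is not from the deck and not WordPress code (WordPress wraps the same idea in `wp_nonce_field()` and `check_admin_referer()`). A per-session secret is generated once, the token is an HMAC of the action name under that secret so a token leaked from a harmless form cannot be replayed against a dangerous one, the comparison is constant-time, and a missing token is treated as a failure rather than a pass. `$_SESSION` is replaced by a plain array so the script runs from the CLI; the action names and request arrays are constructed.

```php
<?php
// Added example (not from the webinar): per-action CSRF tokens bound to a
// session secret, with constant-time verification.

function csrfSecret(array &$session): string {
    if (!isset($session['csrf_secret'])) {
        $session['csrf_secret'] = random_bytes(32);   // generated once per session
    }
    return $session['csrf_secret'];
}

// Token = HMAC-SHA256(secret, action). Binding to the action name means the
// token for "update-avatar" is useless against "delete-account".
function csrfToken(array &$session, string $action): string {
    return hash_hmac('sha256', $action, csrfSecret($session));
}

function csrfTokenIsValid(array &$session, string $action, ?string $presented): bool {
    if ($presented === null || $presented === '') {
        return false;                                       // missing token is a failure, not a pass
    }
    return hash_equals(csrfToken($session, $action), $presented);   // constant-time compare
}

// Hidden field for the legitimate form.
function csrfField(array &$session, string $action): string {
    $token = htmlspecialchars(csrfToken($session, $action), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="_csrf" value="' . $token . '">';
}

// Server-side handler for a state-changing POST.
function handleDeleteAccount(array &$session, array $post): string {
    if (!csrfTokenIsValid($session, 'delete-account', $post['_csrf'] ?? null)) {
        return '403: invalid or missing CSRF token';
    }
    return '200: account deleted';
}

// Constructed walkthrough.
$session = [];
echo csrfField($session, 'delete-account'), "\n";

// 1. The legitimate form round-trips its own token.
echo handleDeleteAccount($session, ['_csrf' => csrfToken($session, 'delete-account')]), "\n";
// 2. A forged cross-site request carries the session cookie but no token.
echo handleDeleteAccount($session, []), "\n";
// 3. A token issued for a different action is rejected.
echo handleDeleteAccount($session, ['_csrf' => csrfToken($session, 'update-avatar')]), "\n";
```

The `SameSite` cookie attribute from the A2 slide is a complementary browser-side control; the token is still needed because not every browser and not every request type honours it.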
  • 25–26. A9 Using Components with Known Vulnerabilities
    Description
    • Known vulnerabilities in the libraries and frameworks you use can be exploited with readily available tools
    • Can allow attackers to bypass security measures through exploitation
    Protections
    • Maintain an inventory of the components and versions your application uses
    • Monitor the security of these components via public notifications such as vulnerability mailing lists
    • Establish and follow policies dictating which software components are acceptable to use
  • 27–28. A10 Unvalidated Redirects and Forwards
    Description
    • Use of redirects and forwards where untrusted data determines the destination page
    • Redirection can be exploited to send users to malicious sites performing phishing or malware distribution
    Protections
    • Avoid redirects and forwards if possible
    • If they are used, do not include dynamic parameters in calculating the destination; where a parameter is unavoidable, validate it against an allow-list of destinations
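Validating a user-supplied redirect target, as an added example that is not from the deck (WordPress provides `wp_safe_redirect()` and `wp_validate_redirect()` for the same purpose). Two policies are shown: accept only a same-site relative path, or accept an absolute HTTPS URL whose host is on an allow-list. The inputs that defeat naive checks are handled explicitly: protocol-relative `//evil.example`, the backslash variant browsers treat as a slash, userinfo tricks such as `https://www.example.com@evil.example`, a plain-http downgrade, non-HTTP schemes, and a host that merely starts with the allowed name. The allowed hosts and the candidate URLs are constructed for the demo.

```php
<?php
// Added example (not from the webinar): allow-list validation of a redirect
// destination with the common bypasses rejected.

const ALLOWED_HOSTS = ['www.example.com', 'shop.example.com'];   // demo assumption

// Policy (a): accept only a local absolute path such as "/account/orders?tab=1".
function isLocalPath(string $target): bool {
    if ($target === '' || $target[0] !== '/') {
        return false;                        // must start with exactly one slash
    }
    if (isset($target[1]) && ($target[1] === '/' || $target[1] === '\\')) {
        return false;                        // "//host" and "/\host" are absolute URLs to a browser
    }
    if (preg_match('/[\x00-\x1f\x7f\\\\]/', $target)) {
        return false;                        // control characters or backslashes anywhere
    }
    return true;
}

// Policy (b): absolute https URL whose host is on the allow-list.
function isAllowedAbsolute(string $target): bool {
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    if (strtolower($parts['scheme']) !== 'https') {
        return false;                        // refuses http, javascript:, data:, ...
    }
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;                        // "https://good@evil" style userinfo tricks
    }
    return in_array(strtolower($parts['host']), ALLOWED_HOSTS, true);   // exact match, not prefix
}

// Returns the destination to send the user to, or a fixed safe page.
function safeRedirectTarget(?string $requested, string $fallback = '/'): string {
    if ($requested !== null && (isLocalPath($requested) || isAllowedAbsolute($requested))) {
        return $requested;
    }
    return $fallback;
}

// Constructed inputs: the first two are legitimate, the rest are bypass attempts.
$candidates = [
    '/account/orders?tab=1',
    'https://shop.example.com/cart',
    '//evil.example/phish',
    '/\\evil.example',
    'https://www.example.com@evil.example/',
    'http://www.example.com/',
    'javascript:alert(1)',
    'https://www.example.com.evil.example/',
];
foreach ($candidates as $c) {
    printf("%-42s -> %s\n", $c, safeRedirectTarget($c));
}
```

A safer design than either policy is the first bullet on the slide: store the intended destination server side (for example in the session before sending the user to the login page) and never read it from the request at all.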
  • 29. QUESTIONS AND ANSWERS. Slides and recording will be made available shortly after the webinar
  • 30. RESOURCES
    • 8 KEY SECURITY QUESTIONS YOUR HOSTING COMPANY SHOULD BE ABLE TO ANSWER
    • OWASP TOP 10 2013 PROJECT
    • OWASP VULNERABLE WEB APPLICATIONS DIRECTORY PROJECT
    • LIVE INTERVIEW WITH DAVID ENDLER OF MANIFEST ON WEB SECURITY
    • 15 WAYS TO HARDEN THE SECURITY OF YOUR WORDPRESS SITE
    • RECORDED WEBINAR: TODAY'S WEBSITE SECURITY THREAT LANDSCAPE (FEATURING TONY PEREZ, SUCURI)
  • 31. NEXT UP... Register Now: http://wpeng.in/ email
    Wednesday, Feb 22, 11:00 a.m. CST, 12:00 p.m. EST, 9:00 a.m. PST, 5:00 p.m. UTC/GMT