OWASP

WordPress Security: OWASP 2017 – A3 Sensitive Data Exposure

Confidential data can be intercepted in transit between the user and the application server. This is a serious risk when personal or financial data is involved. WordPress internals have several mechanisms that mitigate this risk: use of the Portable PHP Password Hashing Framework for user passwords; an integrated permission system that controls access to private data.…

WordPress Security: OWASP 2017 – A2 Broken Authentication

Authentication allows users to access their data using their own credentials. In web applications this is one of the major risks. A web application with broken authentication can allow users to access data of other users that they are not supposed to have access to. Web application with broken authentication can be e through several ways, such as…

WordPress Security: OWASP 2017 – A1 Injection

WordPress, like any kind of web application, can have security risks. One of them is the injection of malicious code that the WordPress owner never intended to be executed. This type of security risk has been defined by OWASP. Injection can happen for several reasons: There is no validation, sanitization, or filtering…

WordPress Plugin Security: Preventing SQL Injection

SQL Injection is code injection into the SQL queries of an application that uses a SQL database. WordPress uses MySQL, so it is at risk of attack through SQL Injection. OWASP (Open Web Application Security Project) lists Injection as the top threat in web-based applications, and SQL Injection is a part of it. We can prevent…
