Join us at OWASP AppSec APAC 2014 !!
Wednesday, March 19 • 5:00pm - 5:50pm
Get Ready for the Next Big Wave of Attacks: Hacking of Leading CMS Systems


The flow of this talk is determined by – you! Before this talk, we emailed the audience to provide us with their favorite WordPress plugins that they would like to test for security. In a live demo, we assess the security of the requested plugins. Previous similar trials that we performed on WordPress showed that 30% of the top 50 most downloaded plugins were vulnerable to common Web attacks. What will be the results of this experiment?

As we'll continue to show, assessing the security posture of a plugin is only the hacker's first step in mass attacks. As opposed to past mass SQL Injection attacks, which leveraged tools such as SQLMap, this next wave of attacks does not focus on the site's platform or customized development code. Rather, these attacks leverage the increasing popularity of CMS platforms such as WordPress and Joomla. The maturity, prevalence and market penetration of CMS platforms allow any marketing, sales or HR individual to easily set up their own fully operational site. Accordingly, CMS apps are flourishing – and so are the vulnerabilities in these apps.

Speakers

Sanjay Agnani

General Manager, New Business Development Dept., Intelligent Wave Inc
アグナニ サンジェ / Sanjay Agnani, General Manager, New Business Development Department, Intelligent Wave Inc., Japan (A DNP Group Company). Sanjay Agnani is General Manager of New Business Development for Intelligent Wave Inc., Japan. Sanjay has more than nineteen years of experience in software development, information security, malware analysis and source-code analysis. In his present role, he is responsible for...

Helen Bravo

Product Manager, Checkmarx
Helen Bravo is the Product Manager at Checkmarx. Helen has more than fifteen years of experience in software development, IT security and source-code analysis. Prior to working at Checkmarx, Helen worked at Comverse, one of the biggest Israeli hi-tech firms, as a software engineer and product manager for security matters. Helen holds a B.A. in Economics and Business Administration from the Israeli University of Haifa and started her...


Wednesday March 19, 2014 5:00pm - 5:50pm
Secure Your Site Hall (HALL WEST)
