PROTECT YO SELF OR WRECK YO SELF: WordPress REST API & Security. Sean Borsodi | WordCamp Fayetteville 2015


TOPICS: Security, REST API, WordPress

What is WordPress?

Diagram built up over four slides:

- CMS, DB: WordPress
- CMS, DB: WordPress Core
- CMS, DB: WordPress Core, API
- CMS, DB: WordPress Core, API, REST API

What is it good for?

REST API: Absolutely everything. Say it again, y'all!

REST API: API, RESTful Development, HTTP Headers, Authentication

REST API: API. An Application Programming Interface (API) is a set of routines, protocols, and tools for building software.

REST API

RESTful Development. Representational State Transfer (REST) is a software architecture style for building scalable web services.

REST API

HTTP Headers. Hypertext Transfer Protocol (HTTP) headers define the parameters of the HTTP request and response messages.

REST API

Authentication. Methods of authenticating API requests: Cookie, Basic, OAuth, HMAC.

SECURITY: You have been hacked! Cross-site request forgery (CSRF): uses a trusted user's session. Playback attack: an intercepted request is resent.

SECURITY: Cookie Authentication is the basic authentication included with WordPress. When you log in to your dashboard, this sets up cookies in your browser.
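Why the two preceding slides belong together: a session cookie proves who the browser belongs to, but the browser attaches it to any request, including one triggered from another site, which is exactly the CSRF case. The following added example (written for this transcript, not code from the talk or from WordPress) simulates both a cookie-only endpoint and one that also demands a per-session nonce in a request header. The request/session classes, the `X-CSRF-Nonce` header name and the post-deletion endpoint are constructed stand-ins; WordPress's REST API applies the same idea with its `X-WP-Nonce` header.

```python
import hmac
import secrets


class Session:
    """Server-side session record created at login."""

    def __init__(self, user):
        self.user = user
        # Per-session secret that only same-origin page scripts can read;
        # a cross-site page never sees it, so it cannot forge the header.
        self.nonce = secrets.token_hex(16)


class Request:
    """Constructed stand-in for an HTTP request: cookies the browser attached
    automatically, plus headers set by whatever script issued the request."""

    def __init__(self, cookies, headers):
        self.cookies = cookies
        self.headers = headers


class Server:
    def __init__(self):
        self.sessions = {}

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = Session(user)
        return sid

    def _session_for(self, req):
        return self.sessions.get(req.cookies.get("session", ""))

    def delete_post_cookie_only(self, req):
        """Vulnerable: the cookie alone proves who the user is, but not
        that the user's own page asked for this action."""
        sess = self._session_for(req)
        if sess is None:
            return 401
        return 200  # would delete the post on behalf of sess.user

    def delete_post_with_nonce(self, req):
        """Hardened: additionally require the per-session nonce in a header.
        Hypothetical header name X-CSRF-Nonce; compared in constant time."""
        sess = self._session_for(req)
        if sess is None:
            return 401
        sent = req.headers.get("X-CSRF-Nonce", "")
        if not hmac.compare_digest(sent, sess.nonce):
            return 403
        return 200


def simulate():
    """Return the status each endpoint gives to three constructed requests."""
    server = Server()
    sid = server.login("editor")
    nonce = server.sessions[sid].nonce

    # Legitimate request: a same-origin script can read the nonce and send it.
    own_page = Request({"session": sid}, {"X-CSRF-Nonce": nonce})
    # Cross-site request: the browser still attaches the cookie, but the other
    # origin cannot read the nonce, so the header is missing.
    cross_site = Request({"session": sid}, {})
    # Logged-out visitor: no cookie at all.
    anonymous = Request({}, {})

    return {
        "cookie_only": {
            "own_page": server.delete_post_cookie_only(own_page),
            "cross_site": server.delete_post_cookie_only(cross_site),
            "anonymous": server.delete_post_cookie_only(anonymous),
        },
        "with_nonce": {
            "own_page": server.delete_post_with_nonce(own_page),
            "cross_site": server.delete_post_with_nonce(cross_site),
            "anonymous": server.delete_post_with_nonce(anonymous),
        },
    }


if __name__ == "__main__":
    for mode, outcomes in simulate().items():
        print(mode, outcomes)
```

The cookie-only endpoint answers 200 to the cross-site request, which is the forgery succeeding; the nonce-checked endpoint answers 403 to it while still serving the page's own request. The nonce has to be something a foreign origin cannot read, which is why it travels in a header or form field rather than in another cookie.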

SECURITY

Basic Authentication is an optional authentication handler for external clients. Basic authentication requires you to pass the username and password with each request.

SECURITY: OAuth Authentication is the main authentication handler for external clients. OAuth uses tokens that enable clients to access the API.

SECURITY

HMAC Authentication. Hash-based Message Authentication Code (HMAC) is a keyed hash construction, built on a hash function that is considered practically impossible to invert.
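To tie the HMAC slide back to the playback attack named earlier: signing a request with a shared secret proves who sent it and that it was not altered, but a verbatim copy of a signed request still verifies unless the signature also covers a timestamp and a one-time nonce that the server remembers. The example below is added for this transcript and is not code from the talk or from any WordPress authentication plugin; the header names, the canonical-string layout, the 300-second window, the shared secret and the sample route and payload are all constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed sample secret shared between client and server (not a real key).
SHARED_SECRET = b"constructed-demo-secret"
ALLOWED_SKEW = 300  # seconds a request timestamp may differ from server time


def canonical_string(method, path, body, timestamp, nonce):
    """Bind method, path, body hash, timestamp and nonce into the signed material.
    Hashing the body keeps the string short while still covering the payload."""
    return "\n".join([
        method.upper(),
        path,
        hashlib.sha256(body).hexdigest(),
        str(timestamp),
        nonce,
    ]).encode()


def sign_request(secret, method, path, body, timestamp, nonce):
    """HMAC-SHA256 over the canonical string, hex encoded."""
    material = canonical_string(method, path, body, timestamp, nonce)
    return hmac.new(secret, material, hashlib.sha256).hexdigest()


def build_headers(secret, method, path, body, now):
    """Client side: fresh timestamp and random nonce on every request."""
    nonce = secrets.token_hex(16)
    ts = int(now)
    return {
        "X-Timestamp": str(ts),
        "X-Nonce": nonce,
        "X-Signature": sign_request(secret, method, path, body, ts, nonce),
    }


class Verifier:
    """Server side: checks freshness, then signature, then nonce uniqueness."""

    def __init__(self, secret, clock=time.time):
        self.secret = secret
        self.clock = clock
        self.seen_nonces = {}  # nonce -> timestamp, pruned after ALLOWED_SKEW

    def verify(self, method, path, body, headers):
        now = int(self.clock())
        try:
            ts = int(headers.get("X-Timestamp", ""))
        except ValueError:
            return "bad-timestamp"
        nonce = headers.get("X-Nonce", "")
        presented = headers.get("X-Signature", "")

        # 1. Freshness: an old capture cannot be resent after the window closes,
        #    which also bounds how long nonces must be remembered.
        if abs(now - ts) > ALLOWED_SKEW:
            return "stale"

        # 2. Integrity and authenticity; constant-time compare avoids timing leaks.
        expected = sign_request(self.secret, method, path, body, ts, nonce)
        if not hmac.compare_digest(presented, expected):
            return "bad-signature"

        # 3. Uniqueness inside the window: a verbatim resend is the playback attack.
        #    Only signed requests reach this point, so unsigned traffic cannot
        #    fill the nonce store.
        self.seen_nonces = {n: t for n, t in self.seen_nonces.items()
                            if now - t <= ALLOWED_SKEW}
        if nonce in self.seen_nonces:
            return "replay"
        self.seen_nonces[nonce] = ts
        return "ok"


def demo(now=1_700_000_000):
    """Walk one valid request, a replay of it, a tampered body and a stale capture."""
    verifier = Verifier(SHARED_SECRET, clock=lambda: now)
    method, path = "POST", "/wp-json/wp/v2/posts"  # constructed sample route
    body = b'{"title": "hello"}'  # constructed sample payload
    headers = build_headers(SHARED_SECRET, method, path, body, now)

    results = [verifier.verify(method, path, body, headers)]                   # ok
    results.append(verifier.verify(method, path, body, headers))               # replay
    results.append(verifier.verify(method, path, b'{"title": "x"}', headers))  # bad-signature
    old = build_headers(SHARED_SECRET, method, path, body, now - 1000)
    results.append(verifier.verify(method, path, body, old))                   # stale
    return results


if __name__ == "__main__":
    print(demo())
```

The order of the checks matters: the timestamp check runs first so the nonce store stays bounded, the signature check runs before the nonce lookup so only authenticated requests can add entries, and the nonce check runs last so a resend of an otherwise valid request is rejected as a replay rather than accepted as fresh.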

SECURITY

Thank You (Questions || Comments || Suggestions) Sean Borsodi | WordCamp Fayetteville 2015