Presentation is loading. Please wait.

Presentation is loading. Please wait.

PROTECT YO SELF OR WRECK YO SELF WordPress REST API & Security Sean Borsodi | WordCamp Fayetteville 2015.

Published byMary Morton Modified over 9 years ago

Similar presentations

Presentation on theme: "PROTECT YO SELF OR WRECK YO SELF WordPress REST API & Security Sean Borsodi | WordCamp Fayetteville 2015."— Presentation transcript:

1 PROTECT YO SELF OR WRECK YO SELF WordPress REST API & Security Sean Borsodi | WordCamp Fayetteville 2015

2 TOPICS SECURITYREST APIWORDPRESS

3 What is WordPress?

4 CMSDB WORDPRESS

5 CMSDB WORDPRESS CORE

6 CMSDB WORDPRESS CORE API

7 CMSDB WORDPRESS CORE API REST API

8

9 What is it good for?

10 REST API Absolutely everything. Say it again y’all!

11 REST API API RESTful Development HTTP Headers Authentication

12 REST API API Application Programming Interface(API) is a set of routines, protocols, and tools for building software.

13 REST API

14

15

16

17 RESTful Development Representational State Transfer(REST) is a software architecture style for building scalable web services.

18 REST API

19

20

21 HTTP Headers Hypertext Transfer Protocol(HTTP) headers define the parameters of the HTTP request and response messages.

22 REST API

23

24

25 Authentication Method of authenticating the API requests: Cookie, Basic, OAuth, HMAC

26 SECURITY You have been hacked! Cross-site request forgery(CSRF) - uses a trusted users session. Playback Attack - an intercepted request and is resent.

27 SECURITY Cookie Authentication Is the basic authentication included with WordPress. When you log in to your dashboard, this sets up cookies in your browser.

28 SECURITY

29 Basic Authentication Is an optional authentication handler for external clients. Basic authentication requires you to pass the username and password with each request.

30 SECURITY OAuth Authentication Is the main authentication handler for external clients. OAuth uses tokens that enables clients to access the API.

31 SECURITY

32

33

34 HMAC Authentication Hash-based Message Authentication Code(HMAC) is a hash function that is considered practically impossible to invert.

35 SECURITY

36

37 Thank You (Questions || Comments || Suggestions) Sean Borsodi | WordCamp Fayetteville 2015

Download ppt "PROTECT YO SELF OR WRECK YO SELF WordPress REST API & Security Sean Borsodi | WordCamp Fayetteville 2015."

Similar presentations

Server Access The REST of the Story David Cleary

Server Access The REST of the Story David Cleary
WHO AM I? REST? Dissertation by Roy Fielding 2000 Architectural Styles and the Design of Network-based Software Architectures ReST = Representational.

WHO AM I? REST? Dissertation by Roy Fielding 2000 Architectural Styles and the Design of Network-based Software Architectures ReST = Representational.
Overview of Twitter API Nathan Liu. Twitter API Essentials Twitter API is a Representational State Transfer(REST) style web services exposed over HTTP(S).

Overview of Twitter API Nathan Liu. Twitter API Essentials Twitter API is a Representational State Transfer(REST) style web services exposed over HTTP(S).
Building RESTful Interfaces

Building RESTful Interfaces
Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal 1 1 2 2 4 4 3,6 5 5 7 7 8 8 9 9 1010 1010 DNS Hello User Sample (Gateway)

Dispatcher Conditional Expression Static Request Filter Attribute Filter Portal , DNS Hello User Sample (Gateway)
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
Interfacing with the MyRutgers Portal to send RU Alerts Lars Sorensen

Interfacing with the MyRutgers Portal to send RU Alerts Lars Sorensen
Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  

Alcatel Identity Server Alcatel SEL AG. Alcatel Identity Server — 2 All rights reserved © 2004, Alcatel What is an Identity Provider?  
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
SPC204 Security Problems in SharePoint 2010 Authentication and Authorization.

SPC204 Security Problems in SharePoint 2010 Authentication and Authorization.
魂▪創▪通魂▪創▪通 2013. 11. 15. Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.

魂▪創▪通魂▪創▪通 Use Case and Requirement for Future Work Sangrae Cho Authentication Research Team.
What’s Next in ColdFusion Raymond Camden. This Guy  Developer Evangelist for Adobe  Blog:   Twitter:

What’s Next in ColdFusion Raymond Camden. This Guy  Developer Evangelist for Adobe  Blog:   Twitter:
Session 11: Security with ASP.NET

Session 11: Security with ASP.NET
Remotely authenticating against the Service Framework.

Remotely authenticating against the Service Framework.
Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University

November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University
Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.

Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.

Similar presentations

Ads by Google