Raining CVEs on WordPress Plugins with Semgrep

Offered By: nullcon via YouTube

Tags

nullcon Courses, Cross-Site Scripting (XSS) Courses, Vulnerability Analysis Courses, WordPress Security Courses, Semgrep Courses

Course Description

Overview

Explore a comprehensive conference talk on leveraging Semgrep, an open-source static code analyzer, to identify vulnerabilities in WordPress plugins at scale. Learn how custom rules were developed to scan over 80,000 plugins for SQL injection, cross-site scripting (XSS), and local file inclusion (LFI) vulnerabilities. Discover techniques for reducing false positives, converting time-based blind SQL injection findings into union-based ones, and bypassing filters. Gain insights into the creation of XSSBomb, an automated XSS validator. Watch demonstrations of basic Semgrep usage, custom rule writing, and scans run against vulnerable plugin repositories. Understand the real-world impact of this research, which resulted in 47 confirmed bugs with assigned CVEs, and the best practices for secure coding in WordPress that it highlights.

Syllabus

Raining CVEs On WordPress Plugins With Semgrep by Shreya Pohekar & Sheeraz Ali | Nullcon Goa 2022
Taught by

nullcon

Related Courses

Writing a Language Server in OCaml for Emacs - Fun and Profit
EmacsConf and Emacs hangouts via YouTube
Detecting Malicious Dependencies at Scale with Static Analysis
OWASP Foundation via YouTube
No Size Fits All: Empowering Engineers with Custom Application Security Tests
NDC Conferences via YouTube
Effective SAST: Secure Code Analysis in the CI/CD
DevConf via YouTube
Introduzione a SAST e Mobile Security Testing
DevSecCon via YouTube