Tuesday, October 13 • 14:15 - 15:00
Too Big to Fail - Breaking WordPress Core

When attacking web applications, what do you do when there are no injection points? No false assumptions? No logical errors? Most of the time you just move on, perhaps to look for bad code in a different component or third-party plugin. What if that target is just too important to give up on? What if your target is the most popular web platform in the world?

This talk will focus on the recent vulnerabilities found in WordPress core, one of the most securely written web apps in the world. We will begin with a carefully orchestrated race condition leading to privilege escalation and go all the way to SQL injection and persistent XSS attacks, in 20% of the top 1M sites on the Internet. We will dive deep into a system that seems impenetrable and analyze a chain of bugs no one thought exploitable, in order to describe one of the most interesting web app vulnerabilities in CMS history.

Join us for a journey through the eyes of one researcher who made it to core WordPress and lived, to get a glimpse of how one searches for vulnerabilities in a massive code base and how to catch oh-so-important developer misses.

Netanel Rubin

Senior Vulnerability Researcher, PerimeterX
Netanel is a senior vulnerability researcher who has several significant findings under his belt. Starting his security career at the age of 16, Netanel performed security assessments for many international companies and organizations, including banks and government offices. Following...

Tuesday October 13, 2015 14:15 - 15:00 IDT
Room 10 - CS and Communications Building
  Track 2
