To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Artwork

Security Software Development Tech News Information Security Brian Johnson Tech News
Content provided by Brian Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Brian Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Similar to 7 Minute Security

Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

7 Minute Security « »
7MS #264: Hacking Wordpress

11:36
 
Play
Playing
Share
 

MP3Episode home
Manage episode 181929645 series 1288763
Content provided by Brian Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Brian Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

I was pleasantly surprised to see a Wordpress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking Wordpress sites is wpscan, which is built right into Kali - or you can grab it from GitHub. Get familiar with the command line flags as they can help you conduct a more gentle scan that recovers from site errors/disconnections more easily. Specifically, read up on these options:

  • --throttle - for example, I've been using --throttle 1000 in order to be a bit less intense on my target site

  • --request-timeout and --connect-timeout help your scan recover smoothly from site errors/timeouts

Also, if you find yourself in a situation where you're testing a production Wordpress sight (not recommended), consider setting up a free up/downtime alert via a free service like Uptime Robot so you can get emails if the site ever poops out. That certainly beats hitting F5 in Firefox every 10 seconds :-)

  continue reading

641 episodes

#Security #Software Development #Tech News #Information Security #Brian Johnson #Tech #News
Artwork

7MS #264: Hacking Wordpress

7 Minute Security

232 subscribers

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 181929645 series 1288763
Content provided by Brian Johnson. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Brian Johnson or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

I was pleasantly surprised to see a Wordpress site fall into a pentest scope this past week. One helpful tool to get familiar with when attacking Wordpress sites is wpscan, which is built right into Kali - or you can grab it from GitHub. Get familiar with the command line flags as they can help you conduct a more gentle scan that recovers from site errors/disconnections more easily. Specifically, read up on these options:

  • --throttle - for example, I've been using --throttle 1000 in order to be a bit less intense on my target site

  • --request-timeout and --connect-timeout help your scan recover smoothly from site errors/timeouts

Also, if you find yourself in a situation where you're testing a production Wordpress sight (not recommended), consider setting up a free up/downtime alert via a free service like Uptime Robot so you can get emails if the site ever poops out. That certainly beats hitting F5 in Firefox every 10 seconds :-)

  continue reading

641 episodes

#Security #Software Development #Tech News #Information Security #Brian Johnson #Tech #News

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Similar to 7 Minute Security

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Quick Reference Guide

Top Podcasts
The Bill Simmons Podcast
PTI
First Take
Marketplace
Comedy of the Week
The Bugle
How Did This Get Made?
Doug Loves Movies
Planet Money
TED Talks Daily
NBC Nightly News with Lester Holt
The World This Hour
Daily Boost Motivation and Coaching
Radiolab
Science Friday
This American Life
Criminal
Sword and Scale
In The Dark
Player FM logo
Help/FAQ | Upgrade | Advertise
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2024 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox