By periodically performing network scanning activities on our organization's computer networks, it is sometimes possible to detect cybersecurity issues and contextually, to study and propose host-level countermeasures to prevent or mitigate possible cyber attacks designed to exploit the detected issues. In particular, in this document we focus on some issues, detected on a real-world running instance of WordPress (the well-known web content management system) and propose for each of them a possible host-level countermeasure. Finally, although this document refers to the issues and the related host-level countermeasures, which have been applied using the so-called sysadmin's approach and are specific to the web application we have analyzed, it should be clear that they could affect other similarly configured/managed web applications.
Improving the security of a WordPress instance: the sysadmin's approach
F M Lauria;F Benedetti
2022
Abstract
By periodically performing network scanning activities on our organization's computer networks, it is sometimes possible to detect cybersecurity issues and contextually, to study and propose host-level countermeasures to prevent or mitigate possible cyber attacks designed to exploit the detected issues. In particular, in this document we focus on some issues, detected on a real-world running instance of WordPress (the well-known web content management system) and propose for each of them a possible host-level countermeasure. Finally, although this document refers to the issues and the related host-level countermeasures, which have been applied using the so-called sysadmin's approach and are specific to the web application we have analyzed, it should be clear that they could affect other similarly configured/managed web applications.I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
