CNR Institutional Research Information System

By periodically performing network scanning activities on our organization's computer networks, it is sometimes possible to detect cybersecurity issues and contextually, to study and propose host-level countermeasures to prevent or mitigate possible cyber attacks designed to exploit the detected issues.In particular, in this document we focus on some issues, detected on a real-world running instance of WordPress (the well-known web content management system) and propose for each of them a possible host-level countermeasure.Finally, although this document refers to the issues and the related host-level countermeasures, which have been applied using the so-called sysadmin's approach and are specific to the web application we have analyzed, it should be clear that they could affect other similarly configured/managed web applications.

Improving the security of a WordPress instance: the sysadmin's approach

F. M. Lauria;S. Ruberti;F. Benedetti
2022

Abstract

By periodically performing network scanning activities on our organization's computer networks, it is sometimes possible to detect cybersecurity issues and contextually, to study and propose host-level countermeasures to prevent or mitigate possible cyber attacks designed to exploit the detected issues.In particular, in this document we focus on some issues, detected on a real-world running instance of WordPress (the well-known web content management system) and propose for each of them a possible host-level countermeasure.Finally, although this document refers to the issues and the related host-level countermeasures, which have been applied using the so-called sysadmin's approach and are specific to the web application we have analyzed, it should be clear that they could affect other similarly configured/managed web applications.
2022
Istituto di informatica e telematica - IIT
cybersecurity
blackbox-testing
wordpress
sysadmin
http
https
ssl
apache
xml-rpc
cron
08.04 Rapporto tecnico
File in questo prodotto:
File Dimensione Formato  
prod_471611-doc_191647.pdf

accesso aperto

Descrizione: Improving the security of a WordPress instance: the sysadmin's approach
Licenza: Creative commons
Dimensione 297.13 kB
Formato Adobe PDF
Visualizza/Apri
297.13 kB Adobe PDF Visualizza/Apri

I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.

Utilizza questo identificativo per citare o creare un link a questo documento: https://hdl.handle.net/20.500.14243/413396
Citazioni
  • ???jsp.display-item.citation.pmc??? ND
  • Scopus ND
  • ???jsp.display-item.citation.isi??? ND
social impact