Information Security Specialist
Certified Ethical Hacker (CEH, EC Council). Experienced with tools like Burp Suite, Acunetix and OpenVAS.
Certified Information Systems Security Professional (CISSP, ISC2). Experienced at keeping businesses running in the event of a disaster.
Masters degrees in Software Engineering (2002) and Information Security (2020) at Royal Holloway, University of London.
Certified Computer Hacking Forensic Investigator (EC Council, CHFI). Analysis of compromised servers or websites to determine the intrusion vector and the extent of the infection, removal of infection/backdoors and returning systems to normal function.
At the start of this report into WordPress security, we listed three main objectives, which were: To provide an explanation of how WordPress sites are often compromised and why. This will be based on real data gathered from the Defiant
What is required to build secure WordPress websites and how to ensure they stay secure. There are a number of considerations that need to be taken into account when first developing a secure WordPress site, however a good starting point
This section of the report looks at the importance of responsible disclosure. I do this by carrying out an analysis of Wordfence attack data following the responsible disclosure of vulnerabilities in two WordPress plugins, and comparing this to attack data
As mentioned in the introduction, I am a Senior Security Analyst in the Wordfence Security Services Team (SST). The SST is a group of security analysts responsible for cleaning compromised websites and performing security audits on WordPress websites. Wordfence already
The following is an analysis of how WordPress applications can be impacted by each of the OWASP Top 10 vulnerabilities discussed in the previous section. Much of the following research originates from work carried out by the Wordfence team, as
OWASP (The Open Web Application Security Project) describe themselves as a “worldwide not-for-profit charitable organization focused on improving the security of software” . They run a number of projects related to web application security, however the project they are best known for
In this section we are going to provide a Background to Content Management Systems with a look at what a Content Management System is and then go on to look at specific options for Web Content Management Systems available today.
Introduction to Content Management Systems and WordPress I decided to write about Content Management Systems and WordPress after seeing the damage that irresponsible disclosure can have on website owners globally. WordPress is the most popular Content Management System (CMS) in
I recently completed a Master degree in Information Security at Royal Holloway, University of London. My dissertation was on the importance of responsible disclosure of vulnerabilites, so I’m going to start with a few posts on that subject. I’ll hopefully