veselin-nikolov
@dzver
WordCamp Sofia 2012
Automattic WordPress.com
http://automattic.com/jobs
...
1.
2. XSS
3. XSRF
4. SQL Injection (, 2012.)
~30% .
... .
1. wp_hash_password( 'test' ); -> $P$BGMjSkfCR8K6WlxaIYZvFii89aZ
2. Salts: wp_generate_password( 30 ); -> P*DtBn)1WIGi)ekrSrxwDMXq1*N&Wm( )
3. error_log( print_r( $_POST ) ); wp_mail( ..., ..., print_r( $_POST ) ); md5( ' ' )
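The three points above in working code. This is an added example, not code from the talk or from WordPress: it uses plain PHP standard-library calls (password_hash, random_int, print_r with its return flag) as stand-ins for wp_hash_password(), wp_check_password() and wp_generate_password(), so it runs without a WordPress install. The key list in redact_request() is an assumption chosen for illustration.

```php
<?php
// Added example (not from the talk). Plain-PHP stand-ins for the WordPress helpers
// named on the slide; on a real site call wp_hash_password()/wp_check_password()
// (phpass "$P$" hashes) and wp_generate_password() instead.

// 1. Never store md5( $password ): unsalted and fast, so a rainbow table reverses it.
//    Use a slow, salted hash and verify through the library's constant-time check.
function store_password(string $plain): string {
    // bcrypt generates and embeds its own 16-byte salt; cost makes it slow by design
    return password_hash($plain, PASSWORD_BCRYPT, ['cost' => 12]);
}

function check_password(string $plain, string $hash): bool {
    return password_verify($plain, $hash);   // constant-time comparison inside
}

// 2. Salts and secrets come from the CSPRNG (random_int), never mt_rand() or uniqid().
//    Same shape of output as the slide's wp_generate_password( 30 ).
function generate_secret(int $length = 30): string {
    $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()';
    $out = '';
    $max = strlen($alphabet) - 1;
    for ($i = 0; $i < $length; $i++) {
        $out .= $alphabet[random_int(0, $max)];
    }
    return $out;
}

// 3. Do not dump $_POST into error_log() or wp_mail(): passwords and nonces end up in
//    log files and mailboxes. Redact the sensitive keys first (key list is an assumption).
function redact_request(array $request,
                        array $sensitive = ['pwd', 'password', 'pass1', 'pass2', '_wpnonce']): array {
    foreach ($request as $key => $value) {
        if (in_array(strtolower((string) $key), $sensitive, true)) {
            $request[$key] = '[REDACTED]';
        }
    }
    return $request;
}

// Demo on constructed input (no real request involved)
$hash = store_password('test');
var_dump(check_password('test', $hash));   // bool(true)
var_dump(check_password('Test', $hash));   // bool(false)
echo generate_secret(30), "\n";
// print_r() only returns a string when its second argument is true
error_log(print_r(redact_request(['log' => 'admin', 'pwd' => 'hunter2']), true));
```

Note on the slide's third point: print_r( $_POST ) without the second argument prints the array straight into the HTTP response and returns true, so error_log() and wp_mail() receive the literal 1. Leaking the request body to the page is worse than leaking it to the log; pass true, and redact before either.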
XSS
http://myproject.com/index.php?name=
esc_html
esc_url
esc_attr
esc_js
esc_textarea
:
1. esc_*
2. esc_*
3.
4. Typos
esc_*
var a = ''
var b =
esc_* :
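The reflected parameter from the index.php?name= slide, first unescaped and then escaped per output context, as an added example that is not part of the talk or of WordPress. The esc_*_ctx() helpers are plain-PHP stand-ins for esc_html(), esc_attr(), esc_url() and esc_js() (assumed names, written so the file runs without WordPress); the attacker value is constructed. Note that json_encode() produces a complete double-quoted JS literal, whereas the real esc_js() escapes for use inside an existing single-quoted string.

```php
<?php
// Added example (not from the talk). On a real site call the WordPress esc_* functions;
// these helpers mirror their contexts using PHP's own escaping primitives.

// Constructed attacker input, as it would arrive via ?name=
$name = $_GET['name'] ?? '"><script>alert(1)</script>';

// VULNERABLE: the slide's pattern, reflected with no escaping at all.
function render_vulnerable(string $name): string {
    return "<p>Hello $name</p>";
}

// HTML body / textarea context (esc_html, esc_textarea): encode & < > " '
function esc_html_ctx(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Attribute context (esc_attr): same encoding, but the attribute MUST be quoted,
// otherwise a space in the value starts a new attribute (onmouseover=...).
function esc_attr_ctx(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// URL context (esc_url): drop javascript:/data: schemes, then encode for the attribute.
function esc_url_ctx(string $url): string {
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme !== null && $scheme !== false
        && !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return '';   // esc_url() likewise refuses disallowed protocols
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JavaScript context (esc_js): the slide's  var a = '<value>'  is broken out of with a
// single quote. Emit a JSON literal with the HEX flags so it is safe both inside a
// <script> block and inside an HTML attribute.
function esc_js_ctx(string $s): string {
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}

function render_safe(string $name): string {
    return "<p>Hello " . esc_html_ctx($name) . "</p>\n"
         . '<input value="' . esc_attr_ctx($name) . '">' . "\n"
         . '<a href="' . esc_url_ctx('https://example.com/?u=' . rawurlencode($name)) . '">link</a>' . "\n"
         . '<script>var a = ' . esc_js_ctx($name) . ";</script>\n";
}

echo render_vulnerable($name), "\n";   // <p>Hello "><script>alert(1)</script></p>  (script runs)
echo render_safe($name);               // every occurrence inert in its own context
```

The pitfall list on the slide (wrong esc_* for the context, typos) is why render_safe() chooses the helper by where the value lands, not by where it came from: one value, four contexts, four different encodings. A typo such as esc_htm() is a fatal error in PHP, which is the cheap way to catch it; a correctly spelled but wrong-context call (esc_html() inside a script block) is not, so review output points by context.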