I’ve decided to dedicate all 8 Worthwhile Weekly Bits of Information that I found this week to the topic of Security.
First of all, I want to thank all plugin writers for making our blogging life easier by donating your time and your skills to the WordPress community. On the other hand, I’d like everyone to be more cautious when installing a new plugin: be aware of potential security vulnerabilities, and know how to tell whether the code in the plugin addresses all possible security attacks.
I’ve already talked about the two most common security vulnerabilities on the internet in my post The Secret Truth About The Plugins Security, and provided you with some links to learn more about XSS and SQL injections. Today I’m listing 8 more sites where you can find out which plugins and applications are vulnerable, and how to protect your sites from attacks.
- Vulnerability – This is a comprehensive tutorial on various vulnerabilities from Wikipedia.
- Security Corner: SQL Injection – one of the many valuable articles from Chris Shiflett. Make sure to check his blog, which covers PHP and Web Application Security.
- XSS and SQL Injections from user input – More examples that show how vulnerable HTML forms can be.
- Cross Site Scripting : Skinning Flickr with MSIE – an illustrative example of how an attacker can transform your site with XSS.
- Community Creators, Secure Your Code! – A List Apart talks about XSS and how to protect your site from these attacks. If you’re not a programmer, you may find the demonstrated code quite overwhelming, but I’m still posting it here for those who want to know more technical details.
- Armorize Vulnerability Database – a “comprehensive library that allows you to effectively search web application vulnerability” by category, by programming language, by year and keywords.
- Security Focus and Bugtraq – this site reveals security flaws in different applications, and Bugtraq is an archived collection of all security reports. You can also search by application or plugin name to see if there are any security bugs associated with it. It has a report on the WordPress source code being compromised to enable remote code execution.
- Secunia – Vulnerability and Virus Information. Another site where you can search for the plugin or application you’re interested in and find any bugs associated with it.
If you know of any other helpful security resources, please share them with us here.