
Post on 18-Jan-2016


PROTECT YO SELF OR WRECK YO SELF

WordPress REST API & Security

Sean Borsodi | WordCamp Fayetteville 2015

TOPICS

Security

REST API

WordPress

WORDPRESS

What is WordPress?

CMS

DB

Core

API

REST API

What is it good for?

Absolutely everything. Say it again y’all!

API

RESTful Development

HTTP Headers

Authentication

API

Application Programming Interface (API) is a set of routines, protocols, and tools for building software.

RESTful Development

Representational State Transfer (REST) is a software architecture style for building scalable web services.

HTTP Headers

Hypertext Transfer Protocol (HTTP) headers define the parameters of the HTTP request and response messages.

Authentication

Methods of authenticating API requests: Cookie, Basic, OAuth, HMAC.

SECURITY

You have been hacked!

Cross-site request forgery (CSRF) - uses a trusted user's session.

Playback attack - an intercepted request is captured and resent.

Cookie Authentication

The basic authentication included with WordPress. When you log in to your dashboard, this sets up cookies in your browser.

Basic Authentication

An optional authentication handler for external clients. Basic authentication requires you to pass the username and password with each request.

OAuth Authentication

The main authentication handler for external clients. OAuth uses tokens that enable clients to access the API.

HMAC Authentication

Hash-based Message Authentication Code (HMAC) is a hash function that is considered practically impossible to invert.
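Added example, not from the talk or from any WordPress plugin: a minimal HMAC request handler showing how the HMAC scheme on this slide also defends against the playback attack from the earlier slide. The client signs method, path, body hash, timestamp and nonce with a shared secret; the server recomputes the MAC, rejects stale timestamps and reused nonces, and compares signatures in constant time. The secret, header names and path are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import time

# Constructed shared secret for a hypothetical client (a real deployment issues one per client).
SECRET = b"constructed-demo-secret-not-for-production"
WINDOW_SECONDS = 300  # how far a request timestamp may drift from server time


def canonical_string(method, path, body, timestamp, nonce):
    """Bytes that get signed: method, path, body hash, timestamp and nonce.
    Binding timestamp and nonce into the MAC is what lets the server reject replays."""
    body_hash = hashlib.sha256(body).hexdigest()
    return "\n".join([method.upper(), path, body_hash, str(timestamp), nonce]).encode()


def sign_request(method, path, body, secret=SECRET, now=None, nonce=None):
    """Client side: produce the headers that accompany the request."""
    ts = int(time.time() if now is None else now)
    nonce = nonce or secrets.token_hex(8)
    mac = hmac.new(secret, canonical_string(method, path, body, ts, nonce), hashlib.sha256)
    return {"X-Timestamp": str(ts), "X-Nonce": nonce, "X-Signature": mac.hexdigest()}


class HmacVerifier:
    """Server side: recompute the MAC and enforce freshness plus single use of each nonce."""

    def __init__(self, secret=SECRET, window=WINDOW_SECONDS):
        self.secret = secret
        self.window = window
        self.seen_nonces = set()  # would be pruned by timestamp in a real deployment

    def verify(self, method, path, body, headers, now=None):
        now = int(time.time() if now is None else now)
        try:
            ts = int(headers["X-Timestamp"])
            nonce, sig = headers["X-Nonce"], headers["X-Signature"]
        except (KeyError, ValueError):
            return "missing headers"
        if abs(now - ts) > self.window:
            return "stale timestamp"  # outside the window: old capture or clock skew
        if nonce in self.seen_nonces:
            return "replayed nonce"  # the same signed request was already accepted
        expected = hmac.new(self.secret, canonical_string(method, path, body, ts, nonce), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, sig):
            return "bad signature"  # tampered request or wrong secret
        self.seen_nonces.add(nonce)  # record only after the signature checks out
        return "ok"
```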

Thank You (Questions || Comments || Suggestions)

Sean Borsodi | WordCamp Fayetteville 2015