undefined | Better HN

0 pointsBjornW4y ago0 comments

There are multiple attack vectors I can think of, although most can be mitigated using other security measures. I don't want to rely on audits only off course. To give you an example: using the WordPress environment as a stepping stone to gain more access, running client-side software without out permission (stealing data from visitors, our resources e.g. crypto miners), defacement/fake-news, etc.

0 comments

TekMol4y ago

My reply to this would be that this is very broad.

In my experience, if you really want to make your infrastructure more secure, you need to explicitely define what it is you want to avoid.

Taking your first point: You say "using the WordPress environment as a stepping stone to gain more access". What type of stepping stone would this be? How can malicious JS on the WP instance escalate its privileges?

j / k navigate · click thread line to collapse

0 pointsBjornW4y ago0 comments

0 comments

TekMol4y ago

My reply to this would be that this is very broad.

In my experience, if you really want to make your infrastructure more secure, you need to explicitely define what it is you want to avoid.

j / k navigate · click thread line to collapse