Training
Featured CourseView All Courses
Get a Free Hour of SANS Training

Experience SANS training through course previews.

Learn More
Learning Paths
FeaturedView all Focus Areas
Cloud Security Training, Courses, and Resources
Can't find what you are looking for?

Let us help.

Contact us
Community Resources

SANS Community Benefits

Connect, learn, and share with other cybersecurity professionals

AI Risk & Readiness

Explore expert-driven guidance, training, and tools to help defend against AI-powered threats and adopt AI securely.

Join the SANS Community

Become a member for instant access to our free resources.

Sign Up
For Organizations

Public Sector

Mission-focused cybersecurity training for government, defense, and education

Partnerships

Explore industry-specific programming and customized training solutions

Sponsorship Opportunities

Sponsor a SANS event or research paper

Interested in developing a training plan to fit your organization’s needs?

We're here to help.

Contact Us
Talk With an Expert
Talk With an Expert

A DFIRerent View of Web CMS Breaches - Learning from Real Attacks to Build Real Defences

  • Wed, Oct 8, 2025
  • 7:00PM - 8:00PM SGT
  • English
  • Benjamin Tan
  • Technical Presentation
Login to register
Webcast Hero

Web Content Management Systems (CMSs) like WordPress, Joomla, and Drupal are among the most common components of today’s web infrastructure—and a prime target for attackers. Despite the abundance of documentation on how to secure them, real-world breaches show that many organizations struggle to apply those best practices effectively.

In this session, we take a DFIRerent approach to CMS security. Instead of starting with theory, we’ll walk through real-life breach cases which we responded to (WordPress in both cases), where attackers successfully compromised the sites, achieved their actions on objectives, and left system administrators and defenders playing catch-up. We’ll highlight the attack paths and techniques we encountered in these breaches, the challenges we faced during the incident response process, and most importantly, how we translate these insights into actionable steps that you can apply to your own CMS environments within a day (or two).

These DFIR cases will never make it to the news—so do join us this evening if you are interested to hear more about them!

Meet Your Speaker

Benjamin Tan
Benjamin Tan

Benjamin Tan

Chief Executive Officer

Benjamin has more than 15 years of cybersecurity experience, including heading the Cybersecurity Operations Centre and the Cyber Incident Response Teams in the Ministry of Defence.

Read more about Benjamin Tan