WordPress is the most widely used Content Management System (CMS), running 42.8% of all websites on the Internet (W3Techs, Oct 2021). Its users range from individuals to large corporations, who use it to run blogs, e-commerce stores, company websites, and more. One reason for its popularity is the availability of third-party themes and plugins that let a website owner add functionality easily without knowing how to code. At the same time, vulnerabilities are increasingly being found in these third-party plugins. This paper explores and compares the results of finding WordPress vulnerabilities in previous plugins with known Common Vulnerabilities and Exposures (CVE) vulnerabilities using a Static Application Security Testing (SAST) tool and a WordPress-specific scanner, WPScan. It compares the effectiveness of SAST, which finds vulnerabilities proactively, against WPScan, which detects vulnerabilities reactively because they must already be reported in its database for it to find a match.