NORMA eResearch @NCI Library

Abstraction and automation of WordPress vulnerability scanning

Farrell, Stephen (2023) Abstraction and automation of WordPress vulnerability scanning. Masters thesis, Dublin, National College of Ireland.

[thumbnail of Master of Science]
PDF (Master of Science)
Download (1MB) | Preview
[thumbnail of Configuration manual]
PDF (Configuration manual)
Download (1MB) | Preview


The purpose of this work is to increase the threat assessment coverage against the most common Content Management System (CMS) in use, WordPress. WordPress represents 63.8% of all CMS in use on the Internet. The product's ubiquity has made it a target for exploitation, with around 90,000 WordPress sites attacked every minute. This threat vector is not included in risk reports to customers and, as a result, is a critical gap in identifying and remediating risks. Using a combination of open-source tools, data format conversion and process workflow. a WordPress vulnerability service was created that abstracts the complexity of the underlying API calls and presents the output into a customer-friendly non-technical executive summary, with the findings correctly formatted to import into the risk register solution. The service increases the threat assessment coverage by adding detections for 37,627 known WordPress vulnerabilities. The human effort to scan each customer was reduced from 30 minutes to zero minutes. This solution specifically addresses WordPress; future work should address the remaining 36.2% of CMS products in order of popularity to increase detection coverage.

Item Type: Thesis (Masters)
Parsons, Stephen
Subjects: Q Science > QA Mathematics > Electronic computers. Computer science
T Technology > T Technology (General) > Information Technology > Electronic computers. Computer science
Q Science > QA Mathematics > Computer software > Computer Security
T Technology > T Technology (General) > Information Technology > Computer software > Computer Security
Z Bibliography. Library Science. Information Resources > ZA Information resources > ZA4150 Computer Network Resources > The Internet > World Wide Web > Websites > Web logs. Blogs.
T Technology > TK Electrical engineering. Electronics. Nuclear engineering > Telecommunications > The Internet > World Wide Web > Websites > Web logs. Blogs.
Divisions: School of Computing > Master of Science in Cyber Security
Depositing User: Tamara Malone
Date Deposited: 28 Apr 2023 14:09
Last Modified: 28 Apr 2023 14:09

Actions (login required)

View Item View Item