In the world of modern, ever-evolving web applications, Content Management Systems (CMS) are the backbone of countless websites, and WordPress is one of the most widely used. However, its ubiquity and market share also make it a prime target for cyberattacks. This course is designed to equip security professionals, web application pentesters, and developers with the skills and knowledge needed to identify, assess, exploit, and mitigate security vulnerabilities in WordPress websites.
This course starts by introducing you to the CMS Security Testing process and provides a comprehensive methodology that you can use as a guide to thoroughly test CMSs for common vulnerabilities and misconfigurations. It then introduces WordPress and outlines the process of performing information gathering and enumeration on a WordPress site, both manually and automatically. The information obtained from this enumeration phase sets the stage for the phases that follow.
You will then learn how to put the information gathered in the enumeration phase to use by performing a vulnerability scan on a WordPress site in order to identify vulnerabilities in themes and plugins. Armed with this knowledge, you will learn how to exploit the vulnerabilities identified in themes and plugins. This course also covers various types of authentication attacks, which involve enumerating user accounts on a WordPress site, and demonstrates how to use these usernames to perform a brute force attack to obtain valid login credentials.