Security research project seeking collaborators

  • I’m a PhD student at the University of California Irvine, and we are working on a security research project that uses machine learning to effectively insert missing permission checks in PHP applications like WordPress. Roughly half of the exploits on WordPress plugins would be prevented by correct permissions checks. We’re hoping to collaborate with someone who is running a WordPress site with moderate traffic (or better) to get some training data for our machine learning experiments. Minimum traffic would be ~100 unique visitors per day, with some admin activity. The site admin would just record requests for a few days and replay them on our custom PHP interpreter. If privacy is not an issue, we can do the replay in our lab. Our project is funded by an NSF grant. The research results will be submitted to a top-level security conference (Usenix/Oakland/CCS/NDSS), and credit will be given to all collaborators. Please let me know if anyone is interested in joining our efforts to secure WordPress and similar applications from future exploits.

  • This is the support forum for sites hosted on WordPress.com. WordPress.com does not allow custom plugins or themes to be uploaded and every line of code is looked at by our developers.

    We won’t be able to provide you with a record of requests for any site hosted on WordPress.com.

    You may want to try over at WordPress.org where you’ll find a community of people who have installed the WordPress software onto their own server environment.

    Here is a link to the WordPress.org support forums:
    https://wordpress.org/support/

    You will also find more about Security in WordPress in our white paper:
    https://wordpress.org/about/security/

    Please also note for the future, the WordPress.com forums are not the place to solicit research help. You may review our community guidelines here:
    https://en.forums.wordpress.com/topic/wordpresscom-forums-community-standards?replies=1

  • I read the forum rules on wordpress.org, but it’s not clear whether they will slam me the way you just slammed me here. What do you recommend?

  • Hi @byronuci!

    Unfortunately, I can’t say for sure whether any WordPress.org users would be willing to contribute to the research you’re doing. However, I think the WordPress.org forums that Brooke mentioned will be your best bet. Alternatively, perhaps you could look at attending a WordPress meetup in your area and see if there are any other WordPress.org users willing to help out. You could post to the meetup-specific forum here:

    https://wordpress.org/support/forum/meetups

  • I just don’t want to post in their forum if they are going to take offense at it and get angry, like I’m spamming them with solicitations. That’s pretty much the response I got here, and I’d like to avoid that in the future. But it’s unclear whether they will consider it spam or just another ordinary post–I really can’t tell by reading their rules.

  • Hi @byronuci,

    First, I’m sorry if you feel like you were shunned from the forum here! We’re only able to help out with WordPress.com sites, which is why Brooke directed you to the WordPress.org Forums.

    I would honestly recommend the WordPress Meetup route. You can find a list of them here:

    http://wordpress.meetup.com/

    If you attend a meetup, chances are you’ll be able to find someone to help out!

  • The topic ‘Security research project seeking collaborators’ is closed to new replies.