Hacking an (insecure) TYPO3 v9 site during TYPO3camp Mitteldeutschland 2019 (T3CMD). Demonstrating the impact of Cross-Site Scripting, compromised HMAC signing using a (disclosed) encryption key via Insecure Deserialization, as well as SQL Injection via insecure TypoScript.
4. T3CMD19 TYPO3camp Mitteldeutschland 2019 - Hacking TYPO3
Web Application Security
▪ CIA/compliance triad
  ▪ confidentiality
    ▪ private, personal, sensitive information
  ▪ integrity
    ▪ manipulation of information (“fake news”)
  ▪ availability
    ▪ denial of service
    ▪ online bank account
    ▪ blocking information flow
https://www.ibm.com/blogs/cloud-computing/2018/01/16/drive-compliance-cloud/
5. T3CMD19 TYPO3camp Mitteldeutschland 2019 - Hacking TYPO3
Web Application Security
Open Web Application Security Project - TOP 10 vulnerabilities
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
TYPO3 core, TYPO3 3rd party extensions, PHP world
TYPO3 vulnerabilities in past 5 years