dxw launches cyber

2018 will be a big year for dxw. In June, we’ll be ten years old. We’ve learned a lot about how to get things done in the public sector in that time. We want to improve users’ experience of government, and help government teams work differently. But building great digital services is only part of […]

Meltdown and Spectre

At the beginning of 2018, two classes of attacks on computer processors (CPUs) were announced, Meltdown and Spectre, which will require updates to be applied both to desktop and server systems. These vulnerabilities affect almost all computers worldwide. dxw would like to reassure all our clients and the organisations that we work with, that we […]

XSS in WordPress: a tutorial

One of the most common vulnerabilities in WordPress plugins is cross site scripting – XSS for short. The basic premise of XSS is that an attacker is able to cause JavaScript to run in somebody else’s browser, while they’re on a website that the attacker shouldn’t be able to control. By the end of this, […]

Trends in WordPress plugin security

Most of my time recently has involved working with WordPress plugin security. In a previous post I talked about some of the vulnerabilities which the dxw Security team have discovered and recently published. One of my other responsibilities is monitoring lots of feeds for plugin security vulnerabilities reported by other people and adding them to […]

Some WordPress Plugin vulnerabilities we’ve published recently

Most of my time recently has involved working with WordPress plugin security and I’d like to have a look at some of the security issues and themes which I’ve come across recently: One of my day-to-day responsibilities is managing the quality assurance and reporting of security vulnerability reports which we produce as a result of […]