Static Code Analysis Using Watchtower

The following article was published in 2600 magazine (Volume 30, Number 2) in Summer of 2013. It is republished here with permission.

A Clever Spam Delivery Mechanism

This week a client forwarded me a spam email he received that I thought was interesting. It is reproduced below, with sensitive information and spam links redacted out:

A Payload Dump from a Malfunctioning Wordpress Spam Bot

I stumbled onto this comment in a client’s Wordpress database, and thought it was interesting. It looks like a spam bot malfunctioned and output all of (or at least, a large portion of) its comments. They are reproduced below:

Introducing Watchtower - a Platform- and Language-Agnostic Static Code Analysis Tool

I’ve been working on a tool that I call “Watchtower” for the last several weeks. Watchtower is a platform- and language-agnostic Static Code Analysis tool that can be used for code audits and incident-response.

Introducing Foresight - A Wordpress Security Plugin

I recently published a new plugin to the Wordpress.org Plugins Directory. I call it Foresight. It is available for download here:

http://wordpress.org/extend/plugins/foresight/

Foresight is a simple plugin that serves a simple purpose: it helps blog administrators to stay current on known exploits for Wordpress and for Wordpress plugins.