Security in Open Source Web Content Management Systems

Meike, Michael; Sametinger, Johannes; Wiesauer, Andreas

doi:10.1109/msp.2009.104

Cited by 21 publications

(24 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The more add-ons or extensions that are included in a WCMS platform, the more the negative impact on security. As will be discussed later, our work updates [16] and contributes in a practical way to the results obtained in [27].…”

Section: Related Workmentioning

confidence: 84%

“…The studies done in [16,27] introduced and analyzed security in WCMS. In particular, authors identified in [16] the vulnerabilities and attacks that WCMS are exposed to, and proposed possible countermeasures. As a case study, they used Joomla!…”

Section: Related Workmentioning

confidence: 99%

“…However, WCMS are a key piece of today's Internet, and have become a target for attackers [14,15]. If a WCMS has security vulnerabilities, it may become inaccessible [16], with the corresponding negative effects. Usual attack consequences are: confidential data destruction, data modification, misuse of a web-server for illegal activities, and Denial-of-Service (DoS), among others.…”

Section: Introductionmentioning

confidence: 99%

“…Analyzing the obtained results, Joomla! and Drupal present low or very low risk, unlike the outcomes obtained in [16]. Testing SQL injection in the website developed with Joomla!, there were 133 total alerts, and their risk level was low or 1; whereas testing XSS, we obtained a total of 122 alerts with the same risk level.…”

mentioning

confidence: 95%

“…86% of those web-browser attacks correspond to an XSS attack, thus constituting a vast majority. In an XSS attack, a mischievous user finds a means to insert a malicious code fragment into the website [16]. That is, an XSS attack injects a malicious sequence of commands into a trusted website executed on the visitor's web-browser (without the visitor's knowledge), and therefore, the attacker has access to sensitive user data, such as session tokens and cookies, stored in the browser [44].…”

mentioning

confidence: 99%

See 4 more Smart Citations

A Comparative Study of Web Content Management Systems

et al. 2018

View full text Add to dashboard Cite

Web Content Management Systems (WCMS) play an increasingly important role in the Internet's evolution. They are software platforms that facilitate the implementation of a web site or an e-commerce and are gaining popularity due to its flexibility and ease of use. In this work, we explain from a tutorial perspective how to manage WCMS and what can be achieved by using them. With this aim, we select the most popular open-source WCMS; namely, Joomla!, WordPress, and Drupal. Then, we implement three websites that are equal in terms of requirements, visual aspect, and functionality, one for each WCMS. Through a qualitative comparative analysis, we show the advantages and drawbacks of each solution, and the complexity associated. On the other hand, security concerns can arise if WCMS are not appropriately used. Due to the key position that they occupy in today's Internet, we perform a basic security analysis of the three implement websites in the second part of this work. Specifically, we explain vulnerabilities, security enhancements, which errors should not be done, and which WCMS is initially safer.

show abstract

Section: Related Workmentioning

confidence: 84%

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

mentioning

confidence: 95%

mentioning

confidence: 99%

See 3 more Smart Citations

A Comparative Study of Web Content Management Systems

et al. 2018

View full text Add to dashboard Cite

show abstract

A Vulnerability Detection Framework for CMS Using Port Scanning Technique

Asaduzzaman¹,

Rawshan²,

Liya³

et al. 2020

Cyber Security and Computer Science

View full text Add to dashboard Cite

Towards an Access-Control Metamodel for Web Content Management Systems

Martínez¹,

García-Alfaro²,

Cuppens³

et al. 2013

Current Trends in Web Engineering

View full text Add to dashboard Cite

Abstract. Out-of-the-box Web Content Management Systems (WCMSs) are the tool of choice for the development of millions of enterprise web sites but also the basis of many web applications that reuse WCMS for important tasks like user registration and authentication. This widespread use highlights the importance of their security, as WCMSs may manage sensitive information whose disclosure could lead to monetary and reputation losses. However, little attention has been brought to the analysis of how developers use the content protection mechanisms provided by WCMSs, in particular, Access-control (AC). Indeed, once configured, knowing if the AC policy provides the required protection is a complex task as the specificities of each WCMS need to be mastered. To tackle this problem, we propose here a metamodel tailored to the representation of WCMS AC policies, easing the analysis and manipulation tasks by abstracting from vendor-specific details.

show abstract

Security in Open Source Web Content Management Systems

Cited by 21 publications

References 7 publications

A Comparative Study of Web Content Management Systems

A Comparative Study of Web Content Management Systems

A Vulnerability Detection Framework for CMS Using Port Scanning Technique

Towards an Access-Control Metamodel for Web Content Management Systems

Contact Info

Product

Resources

About