Analysis of security CMS platforms by vulnerability scanners

Patryk Zamościński

patryk.zamoscinski@pollub.edu.pl
Student (Poland)

Grzegorz Kozieł


(Poland)

Abstract

This thesis addresses the security of the most popular CMS platforms. It introduces fundamental information about the CMS platforms studied and the vulnerability scanners used in the research. For research purposes, WordPress and Joomla websites were created and examined for security with the vulnerability scanners OWASP ZAP, Vega, Detectify and Skipfish. The results were grouped by the following criteria: vulnerabilities by category and vulnerabilities by threat level. The obtained results were examined in two ways: analysis of the residual results for each website scan, and analysis of the aggregated results from all scanners. Conclusions about the security of the CMS platforms were then drawn.


Keywords:

CMS, security, vulnerability scanner


Published
2020-09-30

Zamościński, P., & Kozieł, G. (2020). Analysis of security CMS platforms by vulnerability scanners. Journal of Computer Sciences Institute, 16, 261–268. https://doi.org/10.35784/jcsi.2020
