Analysis of security CMS platforms by vulnerability scanners


Abstract

This thesis addresses the security of the most popular CMS platforms. It introduces fundamental information about the CMS platforms studied and the vulnerability scanners used in the research. For research purposes, WordPress and Joomla websites were created and tested for security with the vulnerability scanners OWASP ZAP, Vega, Detectify and Skipfish. The results were grouped by the following criteria: vulnerabilities by category and vulnerabilities by threat level. The results were examined in two ways: analysis of residual results for each website scan, and analysis of aggregated results from all scanners. Conclusions about the security of the CMS platforms were then drawn.


Keywords

CMS; security; vulnerability scanner


Published : 2020-09-30


Zamościński, P., & Kozieł, G. (2020). Analysis of security CMS platforms by vulnerability scanners. Journal of Computer Sciences Institute, 16, 261-268. https://doi.org/10.35784/jcsi.2020

Patryk Zamościński  patryk.zamoscinski@pollub.edu.pl
  Poland
Grzegorz Kozieł