Analysis of security CMS platforms by vulnerability scanners
Abstract
This thesis examines the security of the most popular CMS platforms. It introduces fundamental information about the CMS platforms under study and the vulnerability scanners used in the research. For research purposes, WordPress and Joomla websites were created and tested for security with the vulnerability scanners OWASP ZAP, Vega, Detectify and Skipfish. The results were grouped by the following criteria: vulnerabilities by category and vulnerabilities by threat level. The results were examined in two ways: analysis of the residual results for each website scan, and analysis of the aggregated results from all scanners. Conclusions about the security of the CMS platforms were then drawn.
Keywords:
CMS, security, vulnerability scanner
Authors
Grzegorz Kozieł, Poland
License
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.