By Aishwarya Iyer, CISC (3 months)
CONTENT MANAGEMENT SYSTEM
//Index
• CMS
• Types of CMS
• CMS on different platforms
• Why security
• Vulnerabilities
• Common Vulnerability Exposure
• Mitigations
• References
//CMS - What is it?
A content management system is a computer application that supports the creation and modification of digital content using a blah..blah..blah…!!!!!
Simple meaning: A web app hosted on a web server to help us make a website.
A good CMS:
• Flexible
• Easy administration
• Tools to make a great website
Advantages:
• Reduces need to code from scratch
• Uniform look and feel, etc.
//Types of CMS
• Web based (WCMS)
• Enterprise (ECMS)
• Mobile (MCMS)
• Component (CCMS)
//CMS on different platforms
• Java based: HIPPO CMS, Magnolia CMS
• ASP.NET based: DotNetNuke, MojoPortal
• PHP based: Drupal, Joomla, WordPress
//Why Security?
//Vulnerabilities
• Use of frameworks
• Nobody to take responsibility
• Virtual gold mine for hackers once a vulnerability is discovered
• Weak passwords
• Different plugins by different developers
• SQL injection
• XSS
//Known Attacks on CMS
• Panama Papers leak: A complete failure of CMS security
Attack: Vulnerable CMS plugins
The hack:
• Company failed to encrypt mails
• Irresponsible use of CMS
• Out-of-date version of component
//Known Attacks on CMS
• Drupal:
  • Up to 12 million websites
  • Automated attack to take control of the site
  • Necessary to apply the patches within 7 hours
  • Disadvantage: Automatic update roller
//Known Vulnerabilities (CVEs)
• CVE-2016-1000138
• CVE-2016-1000213
• CVE-2016-1000215
• CVE-2016-1000216
Many more here: https://www.cvedetails.com/vulnerability-list/year-2016/month-11/November.html
//Mitigations
• Using super strong passwords
• Regular updates
• Delete stuff you don't use
• Set proper permissions
• Disable directory listing
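A small audit for the last two mitigations above, added here as an example and not part of the original slides: it walks a web root and reports world-writable paths and directories that have no index file, which would be exposed if directory listing is left on. The index filenames, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: any of these files stops a typical web server from auto-listing a directory.
INDEX_NAMES = {"index.php", "index.html", "index.htm"}

def audit_webroot(root):
    """Return (world_writable, listable) relative paths found under a CMS web root.
    world_writable: files/dirs any local account can modify (permissions check).
    listable: directories without an index file, whose contents are exposed
              if directory listing is still enabled on the server.
    """
    world_writable, listable = [], []
    for dirpath, dirnames, filenames in os.walk(root):
        if not INDEX_NAMES & {f.lower() for f in filenames}:
            listable.append(os.path.relpath(dirpath, root))
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            if stat.S_ISLNK(mode):
                continue  # a symlink's own mode bits say nothing about its target
            if mode & stat.S_IWOTH:
                world_writable.append(os.path.relpath(full, root))
    return sorted(world_writable), sorted(listable)

def build_sample_site(base):
    """Constructed sample tree standing in for a CMS install (not a real site)."""
    dirs = {"uploads": 0o777, "plugins": 0o755}
    files = {"index.php": 0o644, "config.php": 0o666,
             "uploads/report.pdf": 0o644, "plugins/index.html": 0o644}
    for rel in dirs:
        os.mkdir(os.path.join(base, rel))
    for rel, mode in files.items():
        path = os.path.join(base, rel)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.chmod(path, mode)
    for rel, mode in dirs.items():
        os.chmod(os.path.join(base, rel), mode)  # set explicitly so umask does not matter
    return base

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_webroot(build_sample_site(tmp))

if __name__ == "__main__":
    print(demo())
```

On a real install, call `audit_webroot()` with the site's document root and review each reported path before changing modes, since some CMS upload directories need write access for the web server account only.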
//Conclusions
//References
• https://en.wikipedia.org/wiki/Content_management_system
• https://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf
• http://www.cms.co.uk/types/
• https://www.oomphinc.com/notes/2015/04/dont-hack-my-drupal-man/
• https://www.isaumya.com/10-tips-to-protect-wordpress-site-from-hackers/
• https://www.google.com/imghp
• https://securityintelligence.com/news/new-year-new-problems-cms-vulnerabilites-take-on-2016/
Thank you