aishwarya cms

By- Aishwarya IyerCISC (3 months)

CONTENT MANAGEMENT SYSTEM

//IndexCMSTypes of CMSCMS - on different platformWhy securityVulnerabilitiesCommon Vulnerability ExposureMitigationsReferences

CMS?What is it?

//CMS-What is it? A content management system is computer

application that supports the creation and modification of digital content using a blah..blah..blah…!!!!!

Simple meaning: A web app hosted on a web server to help us make a website. A good CMS: Flexible

Easy Administration Tools to make a great website

Advantages:Reduces need to code from scratchuniform look and feel etc..

Types of CMS

//Types of CMSWeb based (WCMS)

Enterprise (ECMS)

Mobile (MCMS)

Component (CCMS)

CMS-on different platforms

//CMS-on different platforms Java based:HIPPO CMSMagnolia CMS

ASP.NET based: DotNetNukeMojoPortal

PHP based:DrupalJoomlaWordpress

Why Security?

//Why Security?

Vulnerabilities

//Vulnerabilities•Use of Frameworks•Nobody to take responsibility• Virtual gold mine for hackers once vulnerability is discovered•Weak passwords•Different plugins by different developers• SQL injection• XSS

Known attacks on CMS

//Known Attacks on CMS•Panama Paper leak:

A complete failure of CMS SecurityAttack: Vulnerable CMS PluginsThe hack:Company failed to Encrypt mailsIrresponsible use of CMSOut of date version of component

//Known Attacks on CMS•Drupal:Up to 12 million websitesAutomate Attack to take control of the siteNecessary to apply the patches within 7 hours Disadvantage: Automatic update roller

//Known Vulnerabilities(CVE’s) CVE-2016-1000138

CVE-2016-1000213

CVE-2016-1000215

CVE-2016-1000216

Many more, here:https://www.cvedetails.com/vulnerability-list/year-2016/month-11/November.html

Mitigations

//Mitigations• Using Super Strong passwords• Regular Updates• Delete stuffs you don’t use• Set proper Permissions• Disable directory listing

//Conclusions

//Thank you:• https://en.wikipedia.org/wiki/Content_management_system• https://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf• http://www.cms.co.uk/types/• https://www.oomphinc.com/notes/2015/04/dont-hack-my-drupal-man/• https://www.isaumya.com/10-tips-to-protect-wordpress-site-from-hackers/• https://www.google.com/imghp• https://securityintelligence.com/news/new-year-new-problems-cms-vulnerabilites-take-on-2016/

https://en.wikipedia.org/wiki/Content_management_system

https://en.wikipedia.org/wiki/Content_management_system

https://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed5.pdf



http://www.cms.co.uk/types/

http://www.cms.co.uk/types/

https://www.oomphinc.com/notes/2015/04/dont-hack-my-drupal-man/



https://www.isaumya.com/10-tips-to-protect-wordpress-site-from-hackers/



https://www.google.com/imghp

https://www.google.com/imghp

Thank you

aishwarya cms

Technology