際際滷

際際滷Share a Scribd company logo

Aishwarya cms

?Download as PPTX, PDF?
?
A
Aishwarya Iyer

This document summarizes content management systems (CMS), including what they are, common types, platforms they run on, and security vulnerabilities. A CMS is a web application that allows creating and modifying digital content. Common types include web-based, enterprise, mobile, and component-based systems. Popular platforms include Java, ASP.NET, PHP, and mobile. CMS systems are prone to vulnerabilities like weak passwords, outdated plugins, and SQL injection. High profile attacks have exploited vulnerabilities in Drupal and other CMS platforms. Proper security measures include strong unique passwords, regular updates, removing unused features, and disabling directory listings.

1 of 21
Download to read offline
By- Aishwarya Iyer CISC (3 months) CONTENT MANAGEMENT SYSTEM
//Index ?CMS ?Types of CMS ?CMS - on different platform ?Why security ?Vulnerabilities ?Common Vulnerability Exposure ?Mitigations ?References
CMS? What is it?
//CMS-What is it? ? A content management system is computer application that supports the creation and modification of digital content using a blah..blah..blah´!!!!! ? Simple meaning: A web app hosted on a web server to help us make a website. ? A good CMS: Flexible Easy Administration Tools to make a great website ? Advantages: Reduces need to code from scratch uniform look and feel etc..
Types of CMS
//Types of CMS ?Web based (WCMS) ?Enterprise (ECMS) ?Mobile (MCMS) ?Component (CCMS)
CMS-on different platforms
//CMS-on different platforms ? Java based: HIPPO CMS Magnolia CMS ? ASP.NET based: DotNetNuke MojoPortal ? PHP based: Drupal Joomla Wordpress
Why Security?
//Why Security?
Vulnerabilities
//Vulnerabilities ? Use of Frameworks ? Nobody to take responsibility ? Virtual gold mine for hackers once vulnerability is discovered ? Weak passwords ? Different plugins by different developers ? SQL injection ? XSS
Known attacks on CMS
//Known Attacks on CMS ?Panama Paper leak: A complete failure of CMS Security Attack: Vulnerable CMS Plugins The hack: Company failed to Encrypt mails Irresponsible use of CMS Out of date version of component
//Known Attacks on CMS ?Drupal: Up to 12 million websites Automate Attack to take control of the site Necessary to apply the patches within 7 hours Disadvantage: Automatic update roller
//Known Vulnerabilities(CVE¨s) ? CVE-2016-1000138 ? CVE-2016-1000213 ? CVE-2016-1000215 ? CVE-2016-1000216 ? Many more, here: https://www.cvedetails.com/vulnerability-list/year-2016/month- 11/November.html
Mitigations
//Mitigations ? Using Super Strong passwords ? Regular Updates ? Delete stuffs you don¨t use ? Set proper Permissions ? Disable directory listing
//Conclusions
//Thank you: ? https://en.wikipedia.org/wiki/Content_management_system ? https://www.imperva.com/docs/HII_Web_Application_Attack_Repo rt_Ed5.pdf ? http://www.cms.co.uk/types/ ? https://www.oomphinc.com/notes/2015/04/dont-hack-my-drupal- man/ ? https://www.isaumya.com/10-tips-to-protect-wordpress-site-from- hackers/ ? https://www.google.com/imghp ? https://securityintelligence.com/news/new-year-new-problems-cms- vulnerabilites-take-on-2016/
Thank you

More Related Content

Aishwarya cms