Abstract [eng] |
There are quite a few websites online that use one of many currently available web content management systems (CMS). CMS usually do not require in-depth technological knowledge. In fact, they are designed with an idea that any user can create and publish their website. Unfortunately, ordinary CMS users often lack knowledge in security area. CMS-based websites, same as those that are created from scratch, experience similar common security threats. In addition to common security threats, there are some CMS-specific ones that are hardly discovered by standard security assessment programs, generally called web vulnerability scanners. Security problems often lie in configuration level and, in order to discover them, CMS-specific security checking rules are required. In this paper, CMS-specific security requirements list was compiled and model of the programs that checks if CMS complies with requirements was provided. Then two algorithms were programmed that helped assess how Joomla and Drupal web content management systems comply with security requirements. Experimental study was carried out with two aforementioned content management systems. The study was carried out with the freshly installed content management systems, and then repeated after system configuration parameters adjustment. Finally, two Drupal CMS-based and online-accessible websites were assessed. |