Cookie Control

This site uses cookies to store information on your computer.

Some cookies on this site are essential, and the site won't work as expected without them. These cookies are set when you submit a form, login or interact with the site by doing something that goes beyond clicking on simple links.

We also use some non-essential cookies to anonymously track visitors or enhance your experience of the site. If you're not happy with this, we won't set these cookies but some nice features of the site may be unavailable.

(One cookie will be set to store your preference)
(Ticking this sets a cookie to hide this popup if you then hit close. This will not store any personal information)

About this tool

About Cookie Control

         

Secure Web 2.0 (& Drupal) Part 1

Tue, 05/26/2015 - 13:35 -- pottol
CMS Logical Schema

The term “Web 2.0”refers to evolved web techniques such as provide a better interaction between user and site.

This should be performed by the means of a CMS (Content Management System). It allows for websites based

on contents/comments paradigm.

 

Web 2.0 Architecture

The CMS is an infrastructural layer, offering the following advantages:

· Interface: the user choose the information (text, images, videos) to display, interacting with the website,

according to specific actions (e.g. click, sting insertion).

· Protocol: it acts like a buffer, uncoupling the information from the way these are displayed. This allow

for a more dynamic content uploads and modifications

· Service: it organize the content, structuring the information along the web interface

According to [1], only 38,6% of Web Sites make use of a CMS infrastructure (that is, 61.4% are more than static

website).

The information are no more static, these are collected, elaborated and presented depending on user input. The

following actions are performed orderly:

· retrieving input (link follow, form fill)

· translating input as punctual queries to perform interrogation

· accessing data set (DB), extracting the data

· calculating information to show (query results)

· displaying information to user, usually, in a user-dependent way (HTML resources)

HTTP and HTML are used as interface, merely. The Web 2.0 requires intelligence, a proper set of instruction

to react to user input (named Web Application). Moreover,

Thus, there are 3 main components in CMS-ready Web Infrastructure:

1. Web Server (the interface)

2. Web Application (the logic)

3. DB (the data set)

 

CMS: Logical Schema

CMS Functionality: Building and Updating Web-Site dynamically, without:

· HTML programming

· Server-side Language (PHP, Java, .Net) Programming

· DB designing and deploying

Moreover, the CMS allows dealing with today issues (both technical and social):

1. Responsiveness: different display (PC, SmartPhone, TouchScreen, etc) and new technologies (wearable

technologies, Internet of Things)

2. Social-Ready: user interaction (blog, forum, wiki, etc)

3. Fulfillness: augmented content types (docs, photos, images, video, audio, presentation, messages, etc)

By the means of only one interface: HTTP (1.1), uncoupling interface, aspect and content. The picture

depicts the CMS addressing its tasks

However, CMS is another application on top of previous HTTP-ready environment. It introduces (for sure) new vulnerabilities and threats. CMS Security should be addressed.

Tags: 
CMS
OWASP
Drupal
Security

Comments

Submitted by pottol on

How to Secure the Web 2.0 environment, since it needs CMS application to run