OWASP

Projecting & Securing Web2.0: CMS Security

Fri, 09/04/2015 - 10:26 -- pottol

0 CMS Security

Security must be seriously considered in CMS development.

0.1 Security Threats

0.1.1 Is the Web 2.0 insecure by design?

Most exploits come from Web 2.0 components; infrastructural ones are residual (according to [21]).

Typical examples of cyber attacks:

· Web: SQLi, Defacement, iFrame, Account Hijack, XSS

· Infrastructure: DNS Hijacking, Application, Malware, Ransomware, Botnet, 0-Day

Secure Web 2.0 (& Drupal) Part 5

Tue, 05/26/2015 - 13:52 -- pottol
Encrypt

A5 Security Misconfiguration

Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.

Check the server configuration:

· Check the server hardening

· Avoid using FTP
