CMS and security: introduction and overview
During the last few months, the news has echoed the latest cyber-attacks, almost always related to large companies and their computer equipment. So much so that the security related to the global world that is the Internet has become a hot topic; although if we analyze this matter with a little depth, the one thing they all have in common is lack of security.
The improvement of Internet security has several factors involved: the owners of the websites, the infrastructure that provides the service to visitors and users and the engineers who maintain them along with the developers and designers. That's why we started, with this entry, a series of two articles in the Register blog to publicize our point of view on the subject and provide our analysis and possible solutions to the problem posed by the security or insecurity of the content managers most common on the Internet: Wordpress, Joomla and Ecommerce platforms such as Prestashop.
Content managers such as Joomla and Wordpress, Ecommerce platforms such as Prestashop are useful, friendly, fast and also free. Behind all of them there are large communities developing and adding new functionalities for their users, in many cases in a disinterested way. We can safely say that CMS have done as much or more for the popularization of the Internet than many other technologies.
It is necessary to point out a key point when we talk about these applications: all its code is open and this has serious implications that often the suppliers and consultants do not communicate with the clients. An open source application is exposed to everyone and that is positive. Many programmers and enthusiasts can improve their code, expand functionality and find possible security vulnerabilities. This same strong point is demonstrating one of the main shortcomings of open source. Not all people who look at the code in search of security holes that they will do with the intention of correcting them. Others´ intention may be the opposite! They can be used to obtain credit card numbers etc..
If we add to this the great proliferation of sites that use Joomla and WordPress due to their gratuity (the latest statistics speak of more than 100 million sites) we can say that both factors combined make the search for security flaws in these CMS by part of malicious agents is very attractive. In summary, it seems sensible to think that there is an opportunity for success and a possibility of obtaining a benefit.
But all is not lost, the IT providers have the knowledge and the sufficient tools so that their content manager and their Ecommerce platform increases their security. We hope you will continue reading in the second part of this series: CMS and security: cloud services to the rescue.