Hrvoje Jerkovic, Branko Sinkovic
Vulnerability Analysis of most Popular Open Source Content Management Systems with Focus on WordPress and Proposed Integration of Artificial Intelligence Cyber Security Features
|PDF FULL-TEXT HTML|
Web sites are major sources of information today and Internet is dominating platform for deployment of various applications built for worldwide audience. Modern Content Management Systems (CMS) play major role in that situation since they enable technical users to build various standard and custom web applications but they also enable non-technical users to build various web sites and applications using standard and extended set of tools provided by CMS developers. This paper will analyze latest major CMS vulnerabilities, effectiveness of various security communities’ responses with propositions for improvements.
Content Management Systems, web site security, cyber security, web filtering, web firewall, vulnerabilities, artificial intelligence
. Patil, S., Hare Hunting in the Wild Web: A Study of Web Security Threats and Solutions. 2016.
. Canfora, G. and C.A. Visaggio, A set of features to detect web security threats. Journal of Computer Virology and Hacking Techniques, 2016. 12(4): p. 243-261.
. Costa Nunes, P.J., J. Fonseca, and M. Vieira. phpSAFE: A Security Analysis Tool for OOP Web Application Plugins. in Dependable Systems and Networks (DSN), 2015 45th Annual IEEE/IFIP International Conference on. 2015. IEEE.
. Jensen, T., et al., Thaps: automated vulnerability scanning of php applications, in Secure IT Systems. 2012, Springer. p. 31- 46.
. Sethi, S. and V. Singhal. ICTS2016-SS27- 07: A Peek into Web Applications Security. in Proceedings of the Second International Conference on Information and Communication Technology for Competitive Strategies. 2016. ACM.
. Pistoia, M. and O. Tripp, Testing WEB Applications For Security Vulnerabilities With Metarequests. 2016, Google Patents.
. Patel, S.K., V.R. Rathod, and J.B. Prajapati. Comparative analysis of web security in open source content management system. in Intelligent Systems and Signal Processing (ISSP), 2013 International Conference on. 2013. IEEE.
. Onishi, A., Security and Performance, in Pro WordPress Theme Development. 2013, Springer. p. 297-332.
. Mansfield-Devine, S., Taking responsibility for security. Computer Fraud & Security, 2015. 2015(12): p. 15-18.
. Coelho Martins da Fonseca, J.C. and M.P. Amorim Vieira. A Practical Experience on the Impact of Plugins in Web Security. in Reliable Distributed Systems (SRDS), 2014 IEEE 33rd International Symposium on. 2014. IEEE.
. Koskinen, T., P. Ihantola, and V. Karavirta. Quality of WordPress plug-ins: an overview of security and user ratings. in Privacy, Security, Risk and Trust (PASSAT), 2012 International Conference on and 2012 International Confernece on Social Computing (SocialCom). 2012. IEEE.
. Jerković, H., P. Vranešić, and S. Dadić. Securing web content and services in open source content management systems. in Information and Communication Technology, Electronics and Microelectronics (MIPRO), 2016 39th International Convention on. 2016. IEEE.
. Surveys, W.T.-W.T. Usage of content management systems for websites. 2017; Available from: https://w3techs.com/technologies/overview/ content_management/all.
. Surveys, W.T.-W.T. Market share yearly trends for content management systems for websites. 2017; Available from: https://w3techs.com/technologies/history_o verview/content_management/ms/y.
. Ogunrinde, M.A. and T.H. Yoosuf, Performance Analysis on Content Management Systems: A Case Study of Drupal and Joomla. Auditing. 4: p. 6.
. Tripathi, D., Open Source Content Management System for content development. 2015.
. Gilani, S., et al., A Navigational Evaluation Model for Content Management Systems. Nucleus, 2016. 53(2): p. 82-88.
. Dombrowski, Q., Drupal and other content management systems. Doing Digital Humanities: Practice, Training, Research, 2016. 19. WordPress.org. WordPress.org - Plugin Directory. 2017; Available from: https://wordpress.org/plugins/browse/popul ar/.
. Joomla! Joomla! Extensions Directory. 2017; Available from: https://extensions.joomla.org/browse/toprated/.
. Drupal. Download & Extend. 2017; Available from: https://www.drupal.org/project/project_mod ule.
. Conţu, C.A., et al. Security issues in most popular content management systems. in Communications (COMM), 2016 International Conference on. 2016. IEEE.
. Mehrotra, S. and S. Kohli. The Study of the Usage of Data Analytic and Clustering Techniques for Web Elements. in Proceedings of the ACM Symposium on Women in Research 2016. 2016. ACM.
. Design, I., How to Improve Wordpress Security For Your Website| Security Plugins. 2016.
. Ball, T. WordPress security weak spot lets hackers infiltrate and vandalise. February 2017; Available from: http://www.cbronline.com/news/cybersecuri ty/breaches/wordpress-security-weak-spotlets-hackers-infiltrate-and-vandalise/.
. Campbell, A.D. WordPress 4.7.2 Security Release. January 26, 2017 Available from: https://wordpress.org/news/2017/01/wordpr ess-4-7-2-security-release/.
. Stockley, M. Critical WordPress update fixes zero-day flaw unnoticed. 2017; Available from: https://nakedsecurity.sophos.com/2017/02/0 3/critical-wordpress-update-fixes-zero-dayflaw-unnoticed/.
. Cimpanu, C. Google Makes WordPress Site Owners Nervous Due to Confusing Security Alerts. 2017; Available from: https://www.bleepingcomputer.com/news/se curity/google-makes-wordpress-siteowners-nervous-due-to-confusing-securityalerts/.
. Design, W.F. GoDaddy and SiteLock Make a Mess of a Hack Cleanup (And Drop The Ball on Security As Well). 2017; Available from: https://www.whitefirdesign.com/blog/2016/ 09/14/godaddy-and-sitelock-make-a-messof-a-hack-cleanup-and-drop-the-ball-onsecurity-as-well/.
. Stockley, M. Critical Xen vulnerability went undiscovered for seven years. 2015.
. Jones, M.T., Artificial Intelligence: A Systems Approach: A Systems Approach. 2015: Jones & Bartlett Learning.
. Dickson, B. Exploiting machine learning in cybersecurity. 2016.
. Palmer, C., et al. Cognitive Cyber Security Assistants—Computationally Deriving Cyber Intelligence and Course of Actions. in 2016 AAAI Fall Symposium Series. 2016.
. Ray, P.D., et al., Pervasive, domain and situational-aware, adaptive, automated, and coordinated analysis and control of enterprise-wide computers, networks, and applications for mitigation of business and operational risks and enhancement of cyber security. 2014, Google Patents.
. Dilley, J.A., et al., Cloud based firewall system and service. 2015, Google Patents.
. Prince, M.B., et al., Supporting secure sessions in a cloud-based proxy service. 2015, Google Patents.
Cite this paper
Hrvoje Jerkovic, Branko Sinkovic. (2017) Vulnerability Analysis of most Popular Open Source Content Management Systems with Focus on WordPress and Proposed Integration of Artificial Intelligence Cyber Security Features. International Journal of Economics and Management Systems, 2, 66-74