SECURITY CONTROLS FOR CONTENT MANAGEMENT SYSTEMS BASED ON FREE SOFTWARE
Keywords:
Web Security, CMS, Security Controls, WordPress, Drupal, Joomla
Abstract
Content Management Systems (CMS) are a Web technology in wide use today, especially those based on Free Software such as WordPress, Drupal, and Joomla. Because of their wide dissemination, these systems are constantly attacked from the Internet, which has also meant an increase in cybersecurity incidents worldwide in this field, reaching tens of thousands of compromised web portals daily when critical security vulnerabilities appear. The purpose of this research was therefore to conceptualize and structure a set of security controls that can be applied systematically to installations of web portals based on WordPress, Drupal, and Joomla, and thus to formalize the CMS as a security layer in the defense-in-depth strategy of the computer infrastructure. The research conceptualized a total of 29 security controls, distributed in seven different groups. 79% of these controls can be applied to other CMS, and the rest can serve as the basis for determining specific controls. Using these security controls makes it possible to raise the reasonable level of security in this technology and to ensure better management of computer security processes in the entities. As future work, the authors propose studies focused on designing metrics that can weigh the contribution of each control to security, and on developing automated mechanisms for auditing the controls.
License
The authors who publish in this journal agree to the following terms:
- The authors retain copyright and grant the journal the right of first publication of the work, which is distributed under a "Creative Commons Attribution-NonCommercial-NoDerivativeWorks 3.0 Unported" (CC BY-NC-ND 3.0) license. This license, whose informative version and legal text are available for consultation, allows others to share the work with an acknowledgement of the authorship of the work and its initial publication in this journal.
- Authors may separately enter into additional agreements for non-exclusive distribution of the version of the work published in the journal (for example, placing it in an institutional repository or publishing it in a book), with an acknowledgement of its initial publication in this journal.
- Authors are allowed and encouraged to disseminate their work electronically (e.g., in institutional repositories or on their own website) before and during the submission process, as this can lead to productive exchanges as well as earlier and greater citation of published work (see The Effect of Open Access).