Security in Open Source Web Content Management Systems
July/August 2009 (vol. 7 no. 4)
pp. 44-51
Michael Meike, Trusted Bytes
Johannes Sametinger, Johannes Kepler University, Linz, Austria
Andreas Wiesauer, Johannes Kepler University, Linz, Austria
Typically, users of Web content management systems lack expert knowledge of the technology itself, let alone the security issues therein. Complicating the matter, WCMS vulnerabilities are attractive targets for potential attackers. A security analysis of two popular, open-source WCMSs exposed significant security holes, despite the obvious efforts of their developer communities. These vulnerabilities leave the applications and their nonexpert users open to exploitation.

Index Terms:
Internet application, security, electronic commerce, open source software
Michael Meike, Johannes Sametinger, Andreas Wiesauer, "Security in Open Source Web Content Management Systems," IEEE Security & Privacy, vol. 7, no. 4, pp. 44-51, July-Aug. 2009, doi:10.1109/MSP.2009.104